71604429c5b46c02204dc4d3c26df926cebc903213afe8330bf44f841c6b0a86

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 22:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

10545a87ca452b40a3227f06f89af0b0_NeikiAnalytics.exe
Size

184KB
MD5

10545a87ca452b40a3227f06f89af0b0
SHA1

8a3b668b265a4f0c1b518c877c011f3ccb7a0ce4
SHA256

71604429c5b46c02204dc4d3c26df926cebc903213afe8330bf44f841c6b0a86
SHA512

d3cfe598878942c1ab9520c7c29a076fe11cb375a2d6a0c2d2756f09eca501537c43f2d83b5e65c284268ae25eb5f22285351b97e17b062ce6179d5446e3e2aa
SSDEEP

1536:97r76j4lukcRotx1lpiT5pwHG2IyvHclJmdHqSkF2bzmtThl5hj5nizpv2:NqPkcRoTHpizOGtW8hSkFsEThlnViFe

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2600	Unicorn-56374.exe
2684	Unicorn-58045.exe
2640	Unicorn-16458.exe
2436	Unicorn-21201.exe
936	Unicorn-54620.exe
2424	Unicorn-13032.exe
1492	Unicorn-2809.exe
1484	Unicorn-13670.exe
2480	Unicorn-43650.exe
2452	Unicorn-4755.exe
1520	Unicorn-46343.exe
1140	Unicorn-5907.exe
1760	Unicorn-45871.exe
772	Unicorn-39326.exe
944	Unicorn-18714.exe
1836	Unicorn-47817.exe
2588	Unicorn-38580.exe
2784	Unicorn-58678.exe
2216	Unicorn-35565.exe
1560	Unicorn-20957.exe
1180	Unicorn-46208.exe
1848	Unicorn-33209.exe
868	Unicorn-59659.exe
2036	Unicorn-51491.exe
1060	Unicorn-58268.exe
1320	Unicorn-4428.exe
2292	Unicorn-46016.exe
1524	Unicorn-37655.exe
1640	Unicorn-61605.exe
2120	Unicorn-35155.exe
2884	Unicorn-14542.exe
2912	Unicorn-52046.exe
2524	Unicorn-37532.exe
2616	Unicorn-48201.exe
2612	Unicorn-51730.exe
592	Unicorn-27418.exe
596	Unicorn-3468.exe
1416	Unicorn-49976.exe
572	Unicorn-13582.exe
1428	Unicorn-33448.exe
2512	Unicorn-56006.exe
2592	Unicorn-51922.exe
1944	Unicorn-27972.exe
1588	Unicorn-17112.exe
2328	Unicorn-19804.exe
1648	Unicorn-1351.exe
1132	Unicorn-19826.exe
1464	Unicorn-22518.exe
1764	Unicorn-22518.exe
2072	Unicorn-42384.exe
1704	Unicorn-3297.exe
804	Unicorn-14158.exe
1020	Unicorn-7443.exe
2320	Unicorn-13987.exe
2356	Unicorn-62996.exe
1748	Unicorn-33339.exe
1928	Unicorn-40115.exe
2560	Unicorn-44584.exe
2252	Unicorn-13110.exe
2584	Unicorn-54698.exe
2460	Unicorn-35669.exe
2604	Unicorn-16209.exe
2140	Unicorn-12124.exe
1156	Unicorn-30599.exe

Loads dropped DLL 64 IoCs

pid	Process
3008	10545a87ca452b40a3227f06f89af0b0_NeikiAnalytics.exe
3008	10545a87ca452b40a3227f06f89af0b0_NeikiAnalytics.exe
2600	Unicorn-56374.exe
3008	10545a87ca452b40a3227f06f89af0b0_NeikiAnalytics.exe
3008	10545a87ca452b40a3227f06f89af0b0_NeikiAnalytics.exe
2600	Unicorn-56374.exe
2684	Unicorn-58045.exe
2684	Unicorn-58045.exe
2600	Unicorn-56374.exe
2600	Unicorn-56374.exe
2640	Unicorn-16458.exe
2640	Unicorn-16458.exe
552	WerFault.exe
552	WerFault.exe
552	WerFault.exe
552	WerFault.exe
552	WerFault.exe
2436	Unicorn-21201.exe
2436	Unicorn-21201.exe
2684	Unicorn-58045.exe
2684	Unicorn-58045.exe
936	Unicorn-54620.exe
936	Unicorn-54620.exe
2424	Unicorn-13032.exe
2424	Unicorn-13032.exe
2640	Unicorn-16458.exe
2640	Unicorn-16458.exe
952	WerFault.exe
952	WerFault.exe
952	WerFault.exe
952	WerFault.exe
1984	WerFault.exe
1984	WerFault.exe
1984	WerFault.exe
1984	WerFault.exe
952	WerFault.exe
1984	WerFault.exe
1484	Unicorn-13670.exe
1484	Unicorn-13670.exe
1492	Unicorn-2809.exe
1492	Unicorn-2809.exe
2436	Unicorn-21201.exe
2436	Unicorn-21201.exe
936	Unicorn-54620.exe
936	Unicorn-54620.exe
2452	Unicorn-4755.exe
2452	Unicorn-4755.exe
2480	Unicorn-43650.exe
2424	Unicorn-13032.exe
2480	Unicorn-43650.exe
2424	Unicorn-13032.exe
1520	Unicorn-46343.exe
1520	Unicorn-46343.exe
3016	WerFault.exe
3016	WerFault.exe
3016	WerFault.exe
3016	WerFault.exe
3016	WerFault.exe
1252	WerFault.exe
1252	WerFault.exe
1252	WerFault.exe
1252	WerFault.exe
1252	WerFault.exe
2384	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2940	3008	WerFault.exe	27
552	2600	WerFault.exe	28
952	2684	WerFault.exe	30
1984	2640	WerFault.exe	29
3016	2436	WerFault.exe	32
1252	936	WerFault.exe	33
2384	2424	WerFault.exe	34
2632	1484	WerFault.exe	37
2636	1492	WerFault.exe	36
2652	2480	WerFault.exe	38
2564	2452	WerFault.exe	39
2736	1520	WerFault.exe	40
844	1140	WerFault.exe	43
1776	2784	WerFault.exe	49
1676	772	WerFault.exe	45
2364	2216	WerFault.exe	50
1328	944	WerFault.exe	46
684	2588	WerFault.exe	48
696	1760	WerFault.exe	44
1264	1836	WerFault.exe	47
2256	1560	WerFault.exe	54
2280	1180	WerFault.exe	55
2168	2120	WerFault.exe	62
2108	2912	WerFault.exe	66
948	2884	WerFault.exe	65
1780	2292	WerFault.exe	60
2516	1060	WerFault.exe	59
2192	1640	WerFault.exe	64
2820	868	WerFault.exe	57
2672	1848	WerFault.exe	56
1084	1320	WerFault.exe	61
3004	1524	WerFault.exe	63
2888	2524	WerFault.exe	72
2100	2616	WerFault.exe	73
1716	2612	WerFault.exe	74
2432	1464	WerFault.exe	87
3092	1764	WerFault.exe	88
3156	804	WerFault.exe	91
3168	2072	WerFault.exe	89
3204	2512	WerFault.exe	80
3212	1704	WerFault.exe	90
3236	1416	WerFault.exe	77
3248	1944	WerFault.exe	83
3448	1156	WerFault.exe	113
3472	3048	WerFault.exe	119
3496	2776	WerFault.exe	153
3536	2460	WerFault.exe	107
3528	1020	WerFault.exe	96
3604	1928	WerFault.exe	103
3704	572	WerFault.exe	78
3784	2328	WerFault.exe	84
3800	2036	WerFault.exe	58
3936	1588	WerFault.exe	82
3944	596	WerFault.exe	76
3980	2416	WerFault.exe	143
4004	2584	WerFault.exe	106
4036	2252	WerFault.exe	105
3140	592	WerFault.exe	75
3340	1428	WerFault.exe	79
3360	2560	WerFault.exe	104
3576	2976	WerFault.exe	120
3600	1644	WerFault.exe	115
3660	1912	WerFault.exe	116
3480	2792	WerFault.exe	118

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3008	10545a87ca452b40a3227f06f89af0b0_NeikiAnalytics.exe
2600	Unicorn-56374.exe
2684	Unicorn-58045.exe
2640	Unicorn-16458.exe
2436	Unicorn-21201.exe
2424	Unicorn-13032.exe
936	Unicorn-54620.exe
1484	Unicorn-13670.exe
1492	Unicorn-2809.exe
2480	Unicorn-43650.exe
2452	Unicorn-4755.exe
1520	Unicorn-46343.exe
1140	Unicorn-5907.exe
1760	Unicorn-45871.exe
772	Unicorn-39326.exe
944	Unicorn-18714.exe
2784	Unicorn-58678.exe
2588	Unicorn-38580.exe
1836	Unicorn-47817.exe
2216	Unicorn-35565.exe
1560	Unicorn-20957.exe
1180	Unicorn-46208.exe
868	Unicorn-59659.exe
2036	Unicorn-51491.exe
1848	Unicorn-33209.exe
1320	Unicorn-4428.exe
1060	Unicorn-58268.exe
1524	Unicorn-37655.exe
2292	Unicorn-46016.exe
1640	Unicorn-61605.exe
2120	Unicorn-35155.exe
2884	Unicorn-14542.exe
2912	Unicorn-52046.exe
2524	Unicorn-37532.exe
2616	Unicorn-48201.exe
2612	Unicorn-51730.exe
592	Unicorn-27418.exe
596	Unicorn-3468.exe
1416	Unicorn-49976.exe
572	Unicorn-13582.exe
1428	Unicorn-33448.exe
1588	Unicorn-17112.exe
2592	Unicorn-51922.exe
2512	Unicorn-56006.exe
1944	Unicorn-27972.exe
1648	Unicorn-1351.exe
2328	Unicorn-19804.exe
1464	Unicorn-22518.exe
1764	Unicorn-22518.exe
1132	Unicorn-19826.exe
1704	Unicorn-3297.exe
2072	Unicorn-42384.exe
804	Unicorn-14158.exe
1020	Unicorn-7443.exe
2320	Unicorn-13987.exe
2356	Unicorn-62996.exe
1928	Unicorn-40115.exe
1748	Unicorn-33339.exe
2560	Unicorn-44584.exe
2252	Unicorn-13110.exe
2584	Unicorn-54698.exe
2460	Unicorn-35669.exe
2604	Unicorn-16209.exe
2140	Unicorn-12124.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 2600	3008	10545a87ca452b40a3227f06f89af0b0_NeikiAnalytics.exe	28
PID 3008 wrote to memory of 2600	3008	10545a87ca452b40a3227f06f89af0b0_NeikiAnalytics.exe	28
PID 3008 wrote to memory of 2600	3008	10545a87ca452b40a3227f06f89af0b0_NeikiAnalytics.exe	28
PID 3008 wrote to memory of 2600	3008	10545a87ca452b40a3227f06f89af0b0_NeikiAnalytics.exe	28
PID 3008 wrote to memory of 2684	3008	10545a87ca452b40a3227f06f89af0b0_NeikiAnalytics.exe	30
PID 3008 wrote to memory of 2684	3008	10545a87ca452b40a3227f06f89af0b0_NeikiAnalytics.exe	30
PID 3008 wrote to memory of 2684	3008	10545a87ca452b40a3227f06f89af0b0_NeikiAnalytics.exe	30
PID 3008 wrote to memory of 2684	3008	10545a87ca452b40a3227f06f89af0b0_NeikiAnalytics.exe	30
PID 2600 wrote to memory of 2640	2600	Unicorn-56374.exe	29
PID 2600 wrote to memory of 2640	2600	Unicorn-56374.exe	29
PID 2600 wrote to memory of 2640	2600	Unicorn-56374.exe	29
PID 2600 wrote to memory of 2640	2600	Unicorn-56374.exe	29
PID 3008 wrote to memory of 2940	3008	10545a87ca452b40a3227f06f89af0b0_NeikiAnalytics.exe	31
PID 3008 wrote to memory of 2940	3008	10545a87ca452b40a3227f06f89af0b0_NeikiAnalytics.exe	31
PID 3008 wrote to memory of 2940	3008	10545a87ca452b40a3227f06f89af0b0_NeikiAnalytics.exe	31
PID 3008 wrote to memory of 2940	3008	10545a87ca452b40a3227f06f89af0b0_NeikiAnalytics.exe	31
PID 2684 wrote to memory of 2436	2684	Unicorn-58045.exe	32
PID 2684 wrote to memory of 2436	2684	Unicorn-58045.exe	32
PID 2684 wrote to memory of 2436	2684	Unicorn-58045.exe	32
PID 2684 wrote to memory of 2436	2684	Unicorn-58045.exe	32
PID 2600 wrote to memory of 936	2600	Unicorn-56374.exe	33
PID 2600 wrote to memory of 936	2600	Unicorn-56374.exe	33
PID 2600 wrote to memory of 936	2600	Unicorn-56374.exe	33
PID 2600 wrote to memory of 936	2600	Unicorn-56374.exe	33
PID 2640 wrote to memory of 2424	2640	Unicorn-16458.exe	34
PID 2640 wrote to memory of 2424	2640	Unicorn-16458.exe	34
PID 2640 wrote to memory of 2424	2640	Unicorn-16458.exe	34
PID 2640 wrote to memory of 2424	2640	Unicorn-16458.exe	34
PID 2600 wrote to memory of 552	2600	Unicorn-56374.exe	35
PID 2600 wrote to memory of 552	2600	Unicorn-56374.exe	35
PID 2600 wrote to memory of 552	2600	Unicorn-56374.exe	35
PID 2600 wrote to memory of 552	2600	Unicorn-56374.exe	35
PID 2436 wrote to memory of 1492	2436	Unicorn-21201.exe	36
PID 2436 wrote to memory of 1492	2436	Unicorn-21201.exe	36
PID 2436 wrote to memory of 1492	2436	Unicorn-21201.exe	36
PID 2436 wrote to memory of 1492	2436	Unicorn-21201.exe	36
PID 2684 wrote to memory of 1484	2684	Unicorn-58045.exe	37
PID 2684 wrote to memory of 1484	2684	Unicorn-58045.exe	37
PID 2684 wrote to memory of 1484	2684	Unicorn-58045.exe	37
PID 2684 wrote to memory of 1484	2684	Unicorn-58045.exe	37
PID 936 wrote to memory of 2480	936	Unicorn-54620.exe	38
PID 936 wrote to memory of 2480	936	Unicorn-54620.exe	38
PID 936 wrote to memory of 2480	936	Unicorn-54620.exe	38
PID 936 wrote to memory of 2480	936	Unicorn-54620.exe	38
PID 2424 wrote to memory of 2452	2424	Unicorn-13032.exe	39
PID 2424 wrote to memory of 2452	2424	Unicorn-13032.exe	39
PID 2424 wrote to memory of 2452	2424	Unicorn-13032.exe	39
PID 2424 wrote to memory of 2452	2424	Unicorn-13032.exe	39
PID 2640 wrote to memory of 1520	2640	Unicorn-16458.exe	40
PID 2640 wrote to memory of 1520	2640	Unicorn-16458.exe	40
PID 2640 wrote to memory of 1520	2640	Unicorn-16458.exe	40
PID 2640 wrote to memory of 1520	2640	Unicorn-16458.exe	40
PID 2684 wrote to memory of 952	2684	Unicorn-58045.exe	41
PID 2684 wrote to memory of 952	2684	Unicorn-58045.exe	41
PID 2684 wrote to memory of 952	2684	Unicorn-58045.exe	41
PID 2684 wrote to memory of 952	2684	Unicorn-58045.exe	41
PID 2640 wrote to memory of 1984	2640	Unicorn-16458.exe	42
PID 2640 wrote to memory of 1984	2640	Unicorn-16458.exe	42
PID 2640 wrote to memory of 1984	2640	Unicorn-16458.exe	42
PID 2640 wrote to memory of 1984	2640	Unicorn-16458.exe	42
PID 1484 wrote to memory of 1140	1484	Unicorn-13670.exe	43
PID 1484 wrote to memory of 1140	1484	Unicorn-13670.exe	43
PID 1484 wrote to memory of 1140	1484	Unicorn-13670.exe	43
PID 1484 wrote to memory of 1140	1484	Unicorn-13670.exe	43

C:\Users\Admin\AppData\Local\Temp\10545a87ca452b40a3227f06f89af0b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\10545a87ca452b40a3227f06f89af0b0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56374.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56374.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16458.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16458.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13032.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4755.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47817.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4428.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12399.exe
        9⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8694.exe
        10⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
        11⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
        12⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3015.exe
        13⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64686.exe
        14⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 236
        14⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6196 -s 216
        13⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
        12⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
        11⤵
        
        PID:964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 216
        10⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 236
        9⤵
        
        PID:3912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 236
        8⤵
        Program crash
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15716.exe
        8⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63375.exe
        9⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2576.exe
        10⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55036.exe
        11⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33498.exe
        12⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50343.exe
        13⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 216
        13⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 216
        12⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 216
        11⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 236
        10⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 216
        9⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 236
        8⤵
        Program crash
        
        PID:3248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 240
        7⤵
        Program crash
        
        PID:1264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46016.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33448.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55186.exe
        8⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe
        9⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9457.exe
        10⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20994.exe
        11⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5594.exe
        12⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56238.exe
        13⤵
        
        PID:8988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6816 -s 216
        12⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
        11⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
        10⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 216
        9⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 236
        8⤵
        Program crash
        
        PID:3340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 236
        7⤵
        Program crash
        
        PID:1780
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
        6⤵
        Program crash
        
        PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58678.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3297.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52965.exe
        8⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20760.exe
        9⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe
        10⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38513.exe
        11⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21238.exe
        12⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6419.exe
        13⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57037.exe
        14⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 236
        14⤵
        
        PID:9180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 236
        13⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 236
        12⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
        11⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 216
        10⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 236
        9⤵
        Program crash
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62347.exe
        8⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47039.exe
        9⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20283.exe
        10⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56131.exe
        11⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20203.exe
        12⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36996.exe
        13⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 236
        13⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 236
        12⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 216
        11⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
        10⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 236
        9⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
        8⤵
        Program crash
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59742.exe
        7⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-147.exe
        8⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41751.exe
        9⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27548.exe
        10⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63204.exe
        11⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21464.exe
        12⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        13⤵
        
        PID:5696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 236
        12⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
        11⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
        10⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 216
        9⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 236
        8⤵
        Program crash
        
        PID:3660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 240
        7⤵
        Program crash
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14158.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30599.exe
        7⤵
        Executes dropped EXE
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4231.exe
        8⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
        9⤵
        Program crash
        
        PID:3496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 236
        8⤵
        Program crash
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41734.exe
        7⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65513.exe
        8⤵
        
        PID:3552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 220
        9⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 236
        8⤵
        
        PID:4228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 240
        7⤵
        Program crash
        
        PID:3156
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
        6⤵
        Program crash
        
        PID:1776
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46343.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35565.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59659.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19826.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7848.exe
        8⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
        9⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52249.exe
        10⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31030.exe
        11⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56297.exe
        12⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24754.exe
        13⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38942.exe
        14⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 216
        13⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 216
        12⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 236
        11⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 216
        10⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
        9⤵
        Program crash
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43680.exe
        8⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14916.exe
        9⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26453.exe
        10⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64600.exe
        11⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14390.exe
        12⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31677.exe
        13⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 216
        13⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
        12⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 216
        11⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
        10⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 216
        9⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 240
        8⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6457.exe
        7⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22706.exe
        8⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38186.exe
        9⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3536.exe
        10⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
        11⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12501.exe
        12⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62351.exe
        13⤵
        
        PID:9128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 236
        12⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
        11⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 236
        10⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 236
        9⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 236
        8⤵
        Program crash
        
        PID:3472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 240
        7⤵
        Program crash
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22518.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12124.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23713.exe
        8⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
        9⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
        10⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24313.exe
        11⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23161.exe
        12⤵
        
        PID:9028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 236
        12⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
        11⤵
        
        PID:3880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 236
        10⤵
        
        PID:6900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
        9⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 236
        8⤵
        
        PID:3976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 236
        7⤵
        Program crash
        
        PID:2432
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
        6⤵
        Program crash
        
        PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58268.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56006.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52664.exe
        7⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        8⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41087.exe
        9⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
        10⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5594.exe
        11⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-488.exe
        12⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 216
        11⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
        10⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
        9⤵
        
        PID:5828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 236
        8⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 236
        7⤵
        Program crash
        
        PID:3204
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 236
        6⤵
        Program crash
        
        PID:2516
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 240
        5⤵
        Program crash
        
        PID:2736
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54620.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54620.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43650.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38580.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14542.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49976.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1325.exe
        8⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52877.exe
        9⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14013.exe
        10⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4517.exe
        11⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
        12⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7224 -s 200
        13⤵
        
        PID:7536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
        12⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 236
        11⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
        10⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 236
        9⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 236
        8⤵
        Program crash
        
        PID:3236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
        7⤵
        Program crash
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13582.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32737.exe
        7⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3567.exe
        8⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35441.exe
        9⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63204.exe
        10⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6689.exe
        11⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2294.exe
        12⤵
        
        PID:8248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 236
        12⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 236
        11⤵
        
        PID:8160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
        10⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
        9⤵
        
        PID:5844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 236
        8⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 236
        7⤵
        Program crash
        
        PID:3704
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
        6⤵
        Program crash
        
        PID:684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52046.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44584.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65300.exe
        7⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27278.exe
        8⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43884.exe
        9⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12550.exe
        10⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29549.exe
        11⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4432.exe
        12⤵
        
        PID:9212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 236
        12⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 216
        11⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
        10⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 216
        9⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 216
        8⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 236
        7⤵
        Program crash
        
        PID:3360
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
        6⤵
        Program crash
        
        PID:2108
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
        5⤵
        Program crash
        
        PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18714.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35155.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27418.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42358.exe
        8⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        9⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65072.exe
        10⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
        11⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2854.exe
        12⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 216
        12⤵
        
        PID:8820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 236
        11⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
        10⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 216
        9⤵
        
        PID:4704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 236
        8⤵
        Program crash
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6732.exe
        7⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8611.exe
        8⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36100.exe
        9⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29738.exe
        10⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44489.exe
        11⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63062.exe
        12⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 236
        12⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 216
        11⤵
        
        PID:8544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
        10⤵
        
        PID:7244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
        9⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 216
        8⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 240
        7⤵
        Program crash
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1325.exe
        7⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27169.exe
        8⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56904.exe
        9⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43936.exe
        10⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26975.exe
        11⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10218.exe
        12⤵
        
        PID:8592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 236
        11⤵
        
        PID:8784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
        10⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
        9⤵
        
        PID:5336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 236
        8⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
        7⤵
        Program crash
        
        PID:4004
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
        6⤵
        Program crash
        
        PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3468.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35669.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25145.exe
        7⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17958.exe
        8⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56437.exe
        9⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41139.exe
        10⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3949.exe
        11⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20852.exe
        12⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 236
        11⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
        10⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 236
        9⤵
        
        PID:5952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 216
        8⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 236
        7⤵
        Program crash
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49135.exe
        6⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37475.exe
        7⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21793.exe
        8⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28638.exe
        9⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21936.exe
        10⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14826.exe
        11⤵
        
        PID:8720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 216
        11⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 236
        10⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 236
        9⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
        8⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 216
        7⤵
        
        PID:4968
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 240
        6⤵
        Program crash
        
        PID:3944
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 240
        5⤵
        Program crash
        
        PID:1328
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1252
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58045.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58045.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21201.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21201.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2809.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45871.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61605.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17112.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58009.exe
        8⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47314.exe
        9⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6935.exe
        10⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23132.exe
        11⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55480.exe
        12⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43218.exe
        13⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 236
        12⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
        11⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
        10⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 216
        9⤵
        
        PID:4720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 236
        8⤵
        Program crash
        
        PID:3936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 236
        7⤵
        Program crash
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19804.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44989.exe
        7⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53152.exe
        8⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21326.exe
        9⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
        10⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36238.exe
        11⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36804.exe
        12⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 216
        11⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
        10⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
        9⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 236
        8⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 236
        7⤵
        Program crash
        
        PID:3784
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
        6⤵
        Program crash
        
        PID:696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37655.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58092.exe
        7⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3048.exe
        8⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32483.exe
        9⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41147.exe
        10⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26228.exe
        11⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 216
        11⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
        10⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
        9⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 216
        8⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 236
        7⤵
        
        PID:4012
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 236
        6⤵
        Program crash
        
        PID:3004
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 240
        5⤵
        Program crash
        
        PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39326.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51491.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42384.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38959.exe
        7⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25310.exe
        8⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44569.exe
        9⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20994.exe
        10⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44489.exe
        11⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
        12⤵
        
        PID:4668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 216
        11⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
        10⤵
        
        PID:928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
        9⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 216
        8⤵
        
        PID:4612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 236
        7⤵
        Program crash
        
        PID:3168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37567.exe
        6⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        7⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43282.exe
        8⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24746.exe
        9⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
        10⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7216 -s 200
        11⤵
        
        PID:8428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 216
        10⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 236
        9⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
        8⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 216
        7⤵
        
        PID:4584
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
        6⤵
        Program crash
        
        PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22518.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16209.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48217.exe
        7⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
        8⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14631.exe
        9⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4172.exe
        10⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56243.exe
        11⤵
        
        PID:8808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 236
        11⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 236
        10⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 236
        9⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
        8⤵
        
        PID:5352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 236
        7⤵
        
        PID:3388
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 236
        6⤵
        Program crash
        
        PID:3092
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 240
        5⤵
        Program crash
        
        PID:1676
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:3016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13670.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13670.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5907.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20957.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37532.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13987.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5710.exe
        8⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53432.exe
        9⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65103.exe
        10⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39224.exe
        11⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe
        12⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        13⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61121.exe
        14⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 216
        14⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 216
        13⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 216
        12⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
        11⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 216
        10⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 236
        9⤵
        Program crash
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
        8⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2472.exe
        9⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18996.exe
        10⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46074.exe
        11⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46160.exe
        12⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-540.exe
        13⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 216
        13⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 236
        12⤵
        
        PID:1268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
        11⤵
        
        PID:7208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
        10⤵
        
        PID:5644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 236
        9⤵
        
        PID:5092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 240
        8⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-811.exe
        7⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
        8⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34351.exe
        9⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19593.exe
        10⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21853.exe
        11⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47115.exe
        12⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 236
        12⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 216
        11⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 236
        10⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 216
        9⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 236
        8⤵
        
        PID:3484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
        7⤵
        Program crash
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7443.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38850.exe
        7⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
        8⤵
        Program crash
        
        PID:3980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 236
        7⤵
        Program crash
        
        PID:3528
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 240
        6⤵
        Program crash
        
        PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48201.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62996.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11797.exe
        7⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25742.exe
        8⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9758.exe
        9⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7973.exe
        10⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10607.exe
        11⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64110.exe
        12⤵
        
        PID:8900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7764 -s 216
        12⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 216
        11⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
        10⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
        9⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
        8⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38548.exe
        7⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54299.exe
        8⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18472.exe
        9⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32154.exe
        10⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6077.exe
        11⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 236
        10⤵
        
        PID:3012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
        9⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
        8⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
        7⤵
        
        PID:4464
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 236
        6⤵
        Program crash
        
        PID:2100
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 240
        5⤵
        Program crash
        
        PID:844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46208.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51730.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31341.exe
        7⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26375.exe
        8⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13214.exe
        9⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21002.exe
        10⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32237.exe
        11⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        12⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 216
        11⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 236
        10⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 216
        9⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
        8⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 236
        7⤵
        
        PID:3624
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
        6⤵
        Program crash
        
        PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40115.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40604.exe
        6⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15820.exe
        7⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18612.exe
        8⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19593.exe
        9⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47836.exe
        10⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59943.exe
        11⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 236
        11⤵
        
        PID:8480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6032 -s 236
        10⤵
        
        PID:7856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
        9⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
        8⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 216
        7⤵
        
        PID:4524
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 236
        6⤵
        Program crash
        
        PID:3604
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 240
        5⤵
        Program crash
        
        PID:2280
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 240
      4⤵
      Program crash
      PID:2632
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:952
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
  2⤵
  - Program crash
  PID:2940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe

Filesize
184KB

MD5
fb36a3e3953c8956a3c8e7b1d4c2de33

SHA1
8ae6ee3e50aab443f86a3393a7a666961c317e90

SHA256
cf91198cee387dfc79dab11d8c67d6fada27d00c993144d43616da40a4ba25eb

SHA512
c5aadfea0568db59de00aefe5f6d61bcb958b430f2bb6d8d57dd9be11bce14015a3bee27b2931503edcb7e914b256ed7e5b6b9aeb59d67045d2be994d483aed3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10607.exe

Filesize
184KB

MD5
27ee3c7a347b19bad7abbdadaa6540f0

SHA1
cdc85c5605f5337e32cbcb669c461a537f2b2451

SHA256
a5b4185b171bb5f5b84d9760e53a9e4b5e3a5e5db4b03367bfd3dd11eb360631

SHA512
fd4063844fb5a305b11e814abb71501f8c54202022397b9c35aa327d7b1609ec7a2d14411e32460dbfcdb81ba991e2927361c16879f2be4660d7f198b2076da8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40115.exe

Filesize
184KB

MD5
3a8dc2c646ffa5e9b21b7a5ec5086132

SHA1
4b7a076abb76212a5c22d385d3fd96da95b43f82

SHA256
461f997ff9d34fc4afbf39b53ad0d78529fff60d3546e7b12def834a9042844a

SHA512
f53d058649272a1d4f713557b8a506bb4a770c7fb20e07b8c0b73a019b3b5a8988e1471e44700beb3c46a0e0fb6291c0328c4130781e33001db0a3eca6c931c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41087.exe

Filesize
184KB

MD5
4f4cbf3b24a53053a10023c2e1991cb2

SHA1
62deab836a556630a701f51f88e1482cc5835783

SHA256
76ce5b92853170a55ed824e103113ffbbf440cb1d8142ba8f761c2331a00c78a

SHA512
8cb6d03e02d30e38184bfe5063267252e0b9e04223ada1a4099af3f537272b37e42936303aa8d2bd7e883c7a8369459e9906c1a5fa935b3fc18c09a699c59221

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41139.exe

Filesize
184KB

MD5
d2309b01ae87cc1837d510767f04ab4e

SHA1
4726dab6eca0506f501bda1942220703902b4e53

SHA256
c6b94ad23e0c5b4c739c563fd781aa9499c529f6986f9b8c97ab62394100fd3b

SHA512
c448eea53bb761020852506b7ef8fffd9f7419779d58f72290c836dbb9e7360476f2c26edd6ec961b2485934030579055b62f40cdc6a99fe731ef4d0708a21a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45871.exe

Filesize
184KB

MD5
4d03b043a19a7169fdbe12894d8e87ca

SHA1
b9814319e69d6b330b9190ca916a459d403be8c5

SHA256
531e6175d21171729a63aba7e4cdd26c81244f450e684606f452758edcee7c69

SHA512
b3f1aca3d748d5091799a385acb37c96c57c5899bb12b1e8d593931e7493ab8fb7ccf6705fee7016d0f7d1db44207df76a8b0c42c69b838a5719e21916e21eae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5710.exe

Filesize
184KB

MD5
84fd6d0be02b9f539b1b868eb7e6f170

SHA1
1b2915cff7064c2a06fe3c2ecb7713d6b6424a6a

SHA256
48d2d283b3f9a723866fcf1fcbbeb49942936a0fbaccd710d644aa914f53e11e

SHA512
ecbba2ee7d8ab8bc2c60c17eeda0dddd363a3c2f02d22817cb140d523dad44dea593c569a76d0dc407f0232e9c74f6490a8f4622e54c402832bf9e6de4d2d520

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63062.exe

Filesize
184KB

MD5
88ffa8243d021a05b56f1244a66c3469

SHA1
88a5d048d7da8c37999e60b2d26467216f42270a

SHA256
b9b1ebde8124205af3c63ef6abf6ed0391c238bb3e0263c0416857fb6e494bb0

SHA512
84a90a12877643738cd799aac863403ca0b0e90289020cd5483010066a417cc5ada68f950c1e9165041cbc1f0b01afb92c787ed6e84696f8a20a7496c3cececb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9758.exe

Filesize
184KB

MD5
26085f8de9aad82a3815d9d21ce3daba

SHA1
f59ca8f1879cd8723750400c269985542317ade2

SHA256
0c809a1eb714483358aaf91d1d0fb3aee7f964180fca5ccb620d09f4bb2dad0d

SHA512
a757969f0e9fca6aacee7c76352823c5273bf607147ce76656fa8c8dc67c0a5785ca424292cb2a6e308df22baa3770988c9b9f6005d600c02fba748d1fc63b8b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13032.exe

Filesize
184KB

MD5
519eed2879f7cd62ea06952da483ad2e

SHA1
bf00ebd2b0da94994f79cbe5df004aff66c9892d

SHA256
e723287e6ec145ee9de0b46df75a5deac55686d21c066682bfd0aee84d40d579

SHA512
af4f824390fbfe088ec27b72805f729b93b04f994c160328407685cd98771de19a8bb059f0481887505a7fd74908170624a777004e618c19688e3c90990b5b48

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13670.exe

Filesize
184KB

MD5
dcfc2c9f3e8b627899d0e10490387506

SHA1
4821bdd464ae4d9fcc16ecfab621fc88584899b9

SHA256
1b076cd9dc36040fc7a7843b9524ca2f26df95347a63f8197c27b68c6ca96452

SHA512
afb0cf286754a4f1035997f4819ef96e78a5a3e29d107aca5c0da99f1e31f9ab33694e56db2be759d25f65bb5b910d7fee1543afc46cc59841948c3f48a572a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16458.exe

Filesize
184KB

MD5
cf9ceee4266177da7bec98323a8360d4

SHA1
fffb902c7bc36cdba13db5fbe868afa5b3cffbdc

SHA256
319955d3510a29133a59f5138a6f3679ca7081c3cfa29e325e6fcf351ba1e0b6

SHA512
dae2d6b31d088a65789c1135e4a678956339817e5179a62c4a649517556a71e7848af5d3ddc7d8aaa8b5b21e8902c966697b7b039462738cc489e375227f113b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21201.exe

Filesize
184KB

MD5
5b19776ce1dad17e010a530190931111

SHA1
8ac0801c52aba5137052ae90369b981488f51232

SHA256
d6c0d0fa371190b5d7af0efdbee3fd6b8f0fea8c6ea919be0a63352eed99af60

SHA512
175399d51acc5165869538f721b597c7b2450c3a9532a5c20c6774d63b16d3bd34e43122c746b376dcc9ed133380b069d22ed2ce72639ee233d1b5297149585f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2809.exe

Filesize
184KB

MD5
eef176c27856ec6bf676adba617c8263

SHA1
b5c94566b4d05e1ba91ff87d4ed1427314c0a1f6

SHA256
f948ff9bce45782db94ccb733d572fec011139105181de9c903cd30bbd51a71f

SHA512
cf12f60c3d939d0f80cf8d6bf6dd4370aad9bcbb5ec9d676badd08f923d513abe5a3978d1ff56b872a35dab12e20824c483a37557a94107e9201848f19a9f18a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39326.exe

Filesize
184KB

MD5
3cbd6ef3a57aa41aa7731fd2ac9819c9

SHA1
1a77c75e5812bef80ed6ed22ef0c615aa240f22d

SHA256
2b0a763cb7905ccb588661e9cf5d43dee4146759eb860a1d9e03d37b337bf3d1

SHA512
8f212ae3dcc0b542ebdbe9cfb10bd1775bb61a5cd15b3e32e462e1c0b5c70c4a950d4fc571e388599bba4cceacaeaa5cb89634612a2bae26549682fb55fa7017

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43650.exe

Filesize
184KB

MD5
68cef92dd96b56aa3e219ed35304cf96

SHA1
70396b80890630786289dbcdf02bc55f7a72a983

SHA256
9a0f27b329412ead9b67d91363f09d39c61ef7f8e379aedbacb79686575124ea

SHA512
ed148fafb2a6aaef2da82bed9e38d0371b56195b24db1a595f7ed5fcb83182a4b5c6c0ee742e69bd6c9284beb4b4a79b098668d69f85ebd99933054547c6ec48

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46343.exe

Filesize
184KB

MD5
8fbabecbede8cdfd5976516df5e82219

SHA1
ebf8208cbb5996c9278c09d0d9c758f5219c38b9

SHA256
4ef5f1ec0f512a4ae14ab2cb8adad98ecb2b3ba751e2f449fd5a6eaa24683c4e

SHA512
5ab019d09ceb98b7c7a5f9a5d74a199a486eceba0f6e3fa33fbc6f161c5ba0850ca56751c69ce9d86dbeaab224afefe6ee8a82e3eb6382e857ee0f6d37788284

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4755.exe

Filesize
184KB

MD5
f689c4405f168818bd72a979eaba6378

SHA1
6739b777bcee972549d94f96b17d7e3accb9bf0f

SHA256
abeaa7b1adaf7f51acdc3cced0bd96cc83fd536dd3a059ec65966f3a5e51d272

SHA512
cba88f382d1af8acf8e2a9bac2dfdd300af714709ff79d6ba3886dc9a2b9a1aa60ab9527e117661d91eea3c680907d114750cf0003b8b5b34c1184f4c228e765

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54620.exe

Filesize
184KB

MD5
4bb55fc75d4b10187913484c7b6ac9b5

SHA1
b86e1e1e0d4e622f902b2bf9cdeca4c4428ad9d7

SHA256
bb6f7c6311d1a531da357292b2ea6d7d3b742fb2d2b3bd15ea1ab416685a4b5e

SHA512
3986e668c8e16a4cae9609bfef526d0fe7d6363cc4d36a98b32662acce78afe33bc4fe76ca913b74f9b39d56c092e1e57867c4ded5804e4d0b0f9dcbfaf06d15

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56374.exe

Filesize
184KB

MD5
5bbcdc38acb24475b8e9d10a82e549d2

SHA1
d2da4c3460c0436f387590c33f2c4c70aefda2ff

SHA256
1415b69b28713cb841690c27ce0c18dc041a24f92d19621cc79de0bb23840eb1

SHA512
39c58594847f24b95f0ba21c889c407f0ccb6911746793eea1c1ef28d3713b2f7d4bf99e0543715983be7046a24c3d37a71750de14489b68471b8dfbfdb86502

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58045.exe

Filesize
184KB

MD5
9d61b630677c19c335832a649dd11fc8

SHA1
8cb0eeeae5f548eb175ad8cbc452f14a9bb87e96

SHA256
0dd095b638021879a0e4ee477a060479499b0bfb91c071fa4818be277603dede

SHA512
fe1bf42bc80eceab8240ea95fcf91e72196996f390763ac85cb401a630d739c60598f3e336c1e56eddb1727177dd8e66bbc6dbf77aa8b6f4df471a468bb632e7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5907.exe

Filesize
184KB

MD5
f801430a33dce4bdfb88b730cc3aa9cf

SHA1
5afa046ac28fbdcf2be86cb5a99fb7ddfd29f38c

SHA256
12875c08e27e65c6530700b60ee4f6bd727810a498a946136532ed8870c6e39d

SHA512
1f5014b287a92eac8aa6e179c1a21a8dd534105054a4cf68164984b808797e230bfd33a5352901b7dd14ff5f950bdb947991d749d8a943bfeb9c5b746a5868a6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads