2abe9738ce055308f6dc559d71a1e8618cb87b434355e7541b76ba580339fc7f

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29-05-2024 22:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

589b74f930150e16c7fdb8a7754254d0_NeikiAnalytics.exe
Size

184KB
MD5

589b74f930150e16c7fdb8a7754254d0
SHA1

984bbea3359d9fc433885c2e391c8d45d8ec1049
SHA256

2abe9738ce055308f6dc559d71a1e8618cb87b434355e7541b76ba580339fc7f
SHA512

cb26388e133d8e61feb5a833ad1d4ecf1efbc0b649d0f45e1c3fcc4fbdebae06c0eb3a2fa9dad7a728cb1eed82d239092bcddd376023015003efc431e075d89a
SSDEEP

3072:BdA3LxoT7/OBdHtWeGCLRxsKVlnViF7n3:Bd2oWPHtTLnsKVlnViF7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2668	Unicorn-31420.exe
2624	Unicorn-56007.exe
2628	Unicorn-1331.exe
2728	Unicorn-16091.exe
2480	Unicorn-53594.exe
2444	Unicorn-7922.exe
1604	Unicorn-47476.exe
2268	Unicorn-43392.exe
2760	Unicorn-19442.exe
1652	Unicorn-35224.exe
1052	Unicorn-29556.exe
2716	Unicorn-31031.exe
1760	Unicorn-7081.exe
2080	Unicorn-6526.exe
2296	Unicorn-29661.exe
2336	Unicorn-56303.exe
3044	Unicorn-36437.exe
2364	Unicorn-48135.exe
652	Unicorn-24185.exe
980	Unicorn-60148.exe
828	Unicorn-49287.exe
2168	Unicorn-51233.exe
1820	Unicorn-16423.exe
2140	Unicorn-29229.exe
1204	Unicorn-18369.exe
2340	Unicorn-5924.exe
2900	Unicorn-39343.exe
1628	Unicorn-2909.exe
2016	Unicorn-25468.exe
1560	Unicorn-470.exe
1572	Unicorn-32820.exe
2952	Unicorn-19499.exe
2004	Unicorn-49334.exe
1808	Unicorn-55919.exe
2536	Unicorn-40974.exe
2848	Unicorn-12193.exe
1264	Unicorn-23054.exe
1964	Unicorn-26584.exe
2772	Unicorn-2634.exe
2820	Unicorn-45634.exe
1028	Unicorn-40158.exe
956	Unicorn-51856.exe
948	Unicorn-39412.exe
1376	Unicorn-49718.exe
1736	Unicorn-48135.exe
1620	Unicorn-39220.exe
1636	Unicorn-8493.exe
1732	Unicorn-37828.exe
3056	Unicorn-37828.exe
1288	Unicorn-53610.exe
2052	Unicorn-37850.exe
2084	Unicorn-13900.exe
1976	Unicorn-33766.exe
844	Unicorn-30943.exe
1044	Unicorn-2717.exe
1772	Unicorn-22583.exe
2836	Unicorn-60107.exe
2896	Unicorn-46464.exe
2696	Unicorn-31519.exe
2920	Unicorn-48410.exe
1616	Unicorn-14798.exe
576	Unicorn-14798.exe
1096	Unicorn-60491.exe
2780	Unicorn-5815.exe

Loads dropped DLL 64 IoCs

pid	Process
1704	589b74f930150e16c7fdb8a7754254d0_NeikiAnalytics.exe
1704	589b74f930150e16c7fdb8a7754254d0_NeikiAnalytics.exe
2668	Unicorn-31420.exe
1704	589b74f930150e16c7fdb8a7754254d0_NeikiAnalytics.exe
2668	Unicorn-31420.exe
1704	589b74f930150e16c7fdb8a7754254d0_NeikiAnalytics.exe
2624	Unicorn-56007.exe
2624	Unicorn-56007.exe
2668	Unicorn-31420.exe
2668	Unicorn-31420.exe
2628	Unicorn-1331.exe
2628	Unicorn-1331.exe
436	WerFault.exe
436	WerFault.exe
436	WerFault.exe
436	WerFault.exe
436	WerFault.exe
2480	Unicorn-53594.exe
2480	Unicorn-53594.exe
2728	Unicorn-16091.exe
2728	Unicorn-16091.exe
2624	Unicorn-56007.exe
2624	Unicorn-56007.exe
2444	Unicorn-7922.exe
2628	Unicorn-1331.exe
2444	Unicorn-7922.exe
2628	Unicorn-1331.exe
1996	WerFault.exe
1996	WerFault.exe
1996	WerFault.exe
1996	WerFault.exe
768	WerFault.exe
768	WerFault.exe
768	WerFault.exe
768	WerFault.exe
1996	WerFault.exe
768	WerFault.exe
1652	Unicorn-35224.exe
2444	Unicorn-7922.exe
1652	Unicorn-35224.exe
2444	Unicorn-7922.exe
2760	Unicorn-19442.exe
2760	Unicorn-19442.exe
2268	Unicorn-43392.exe
2268	Unicorn-43392.exe
1052	Unicorn-29556.exe
1052	Unicorn-29556.exe
2728	Unicorn-16091.exe
2728	Unicorn-16091.exe
1604	Unicorn-47476.exe
1604	Unicorn-47476.exe
2480	Unicorn-53594.exe
2480	Unicorn-53594.exe
440	WerFault.exe
440	WerFault.exe
440	WerFault.exe
440	WerFault.exe
2352	WerFault.exe
2352	WerFault.exe
2352	WerFault.exe
2352	WerFault.exe
440	WerFault.exe
2352	WerFault.exe
692	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2096	1704	WerFault.exe	27
436	2668	WerFault.exe	28
1996	2624	WerFault.exe	29
768	2628	WerFault.exe	30
440	2480	WerFault.exe	33
2352	2728	WerFault.exe	32
692	2444	WerFault.exe	34
2904	1652	WerFault.exe	39
2688	2760	WerFault.exe	38
2580	2268	WerFault.exe	37
2676	1052	WerFault.exe	40
2864	1604	WerFault.exe	36
1816	2080	WerFault.exe	45
1088	3044	WerFault.exe	48
2892	2336	WerFault.exe	47
700	2364	WerFault.exe	49
1788	2296	WerFault.exe	46
2224	2716	WerFault.exe	43
1564	652	WerFault.exe	50
2752	1760	WerFault.exe	44
308	1820	WerFault.exe	57
2908	1204	WerFault.exe	59
3016	2168	WerFault.exe	56
1200	1628	WerFault.exe	62
1356	2900	WerFault.exe	61
2924	2536	WerFault.exe	74
2116	2140	WerFault.exe	58
1664	2340	WerFault.exe	60
2392	1808	WerFault.exe	73
2980	948	WerFault.exe	82
1568	1028	WerFault.exe	80
2036	1376	WerFault.exe	83
2816	2848	WerFault.exe	75
1872	1636	WerFault.exe	86
1752	2772	WerFault.exe	78
2404	1620	WerFault.exe	87
3468	2084	WerFault.exe	93
3500	828	WerFault.exe	55
3520	1264	WerFault.exe	76
3552	980	WerFault.exe	54
3624	1560	WerFault.exe	65
3656	2016	WerFault.exe	63
3688	1976	WerFault.exe	94
3696	2952	WerFault.exe	64
3748	1288	WerFault.exe	91
3760	3056	WerFault.exe	89
3776	1572	WerFault.exe	66
3784	1964	WerFault.exe	77
3964	2920	WerFault.exe	108
4040	844	WerFault.exe	99
3112	2004	WerFault.exe	72
3204	2052	WerFault.exe	92
3272	2836	WerFault.exe	105
3268	576	WerFault.exe	109
3352	1736	WerFault.exe	85
3384	1456	WerFault.exe	128
3416	2488	WerFault.exe	130
3428	2420	WerFault.exe	129
3452	1336	WerFault.exe	131
3484	1616	WerFault.exe	110
3588	1732	WerFault.exe	88
3604	956	WerFault.exe	81
3704	2596	WerFault.exe	114
3972	2252	WerFault.exe	134

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1704	589b74f930150e16c7fdb8a7754254d0_NeikiAnalytics.exe
2668	Unicorn-31420.exe
2624	Unicorn-56007.exe
2628	Unicorn-1331.exe
2480	Unicorn-53594.exe
2728	Unicorn-16091.exe
2444	Unicorn-7922.exe
2268	Unicorn-43392.exe
1652	Unicorn-35224.exe
1052	Unicorn-29556.exe
2760	Unicorn-19442.exe
1604	Unicorn-47476.exe
2716	Unicorn-31031.exe
1760	Unicorn-7081.exe
2080	Unicorn-6526.exe
2336	Unicorn-56303.exe
3044	Unicorn-36437.exe
2296	Unicorn-29661.exe
2364	Unicorn-48135.exe
652	Unicorn-24185.exe
828	Unicorn-49287.exe
980	Unicorn-60148.exe
2168	Unicorn-51233.exe
1820	Unicorn-16423.exe
1204	Unicorn-18369.exe
2140	Unicorn-29229.exe
2340	Unicorn-5924.exe
2900	Unicorn-39343.exe
1560	Unicorn-470.exe
2016	Unicorn-25468.exe
1628	Unicorn-2909.exe
2952	Unicorn-19499.exe
1572	Unicorn-32820.exe
2004	Unicorn-49334.exe
1808	Unicorn-55919.exe
2536	Unicorn-40974.exe
2848	Unicorn-12193.exe
1264	Unicorn-23054.exe
1964	Unicorn-26584.exe
2820	Unicorn-45634.exe
2772	Unicorn-2634.exe
948	Unicorn-39412.exe
1028	Unicorn-40158.exe
1376	Unicorn-49718.exe
956	Unicorn-51856.exe
1736	Unicorn-48135.exe
1620	Unicorn-39220.exe
3056	Unicorn-37828.exe
1636	Unicorn-8493.exe
1732	Unicorn-37828.exe
1288	Unicorn-53610.exe
2084	Unicorn-13900.exe
1976	Unicorn-33766.exe
2052	Unicorn-37850.exe
844	Unicorn-30943.exe
1044	Unicorn-2717.exe
1772	Unicorn-22583.exe
2836	Unicorn-60107.exe
2696	Unicorn-31519.exe
2896	Unicorn-46464.exe
2920	Unicorn-48410.exe
1616	Unicorn-14798.exe
576	Unicorn-14798.exe
1096	Unicorn-60491.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 2668	1704	589b74f930150e16c7fdb8a7754254d0_NeikiAnalytics.exe	28
PID 1704 wrote to memory of 2668	1704	589b74f930150e16c7fdb8a7754254d0_NeikiAnalytics.exe	28
PID 1704 wrote to memory of 2668	1704	589b74f930150e16c7fdb8a7754254d0_NeikiAnalytics.exe	28
PID 1704 wrote to memory of 2668	1704	589b74f930150e16c7fdb8a7754254d0_NeikiAnalytics.exe	28
PID 2668 wrote to memory of 2624	2668	Unicorn-31420.exe	29
PID 2668 wrote to memory of 2624	2668	Unicorn-31420.exe	29
PID 2668 wrote to memory of 2624	2668	Unicorn-31420.exe	29
PID 2668 wrote to memory of 2624	2668	Unicorn-31420.exe	29
PID 1704 wrote to memory of 2628	1704	589b74f930150e16c7fdb8a7754254d0_NeikiAnalytics.exe	30
PID 1704 wrote to memory of 2628	1704	589b74f930150e16c7fdb8a7754254d0_NeikiAnalytics.exe	30
PID 1704 wrote to memory of 2628	1704	589b74f930150e16c7fdb8a7754254d0_NeikiAnalytics.exe	30
PID 1704 wrote to memory of 2628	1704	589b74f930150e16c7fdb8a7754254d0_NeikiAnalytics.exe	30
PID 1704 wrote to memory of 2096	1704	589b74f930150e16c7fdb8a7754254d0_NeikiAnalytics.exe	31
PID 1704 wrote to memory of 2096	1704	589b74f930150e16c7fdb8a7754254d0_NeikiAnalytics.exe	31
PID 1704 wrote to memory of 2096	1704	589b74f930150e16c7fdb8a7754254d0_NeikiAnalytics.exe	31
PID 1704 wrote to memory of 2096	1704	589b74f930150e16c7fdb8a7754254d0_NeikiAnalytics.exe	31
PID 2624 wrote to memory of 2728	2624	Unicorn-56007.exe	32
PID 2624 wrote to memory of 2728	2624	Unicorn-56007.exe	32
PID 2624 wrote to memory of 2728	2624	Unicorn-56007.exe	32
PID 2624 wrote to memory of 2728	2624	Unicorn-56007.exe	32
PID 2668 wrote to memory of 2480	2668	Unicorn-31420.exe	33
PID 2668 wrote to memory of 2480	2668	Unicorn-31420.exe	33
PID 2668 wrote to memory of 2480	2668	Unicorn-31420.exe	33
PID 2668 wrote to memory of 2480	2668	Unicorn-31420.exe	33
PID 2628 wrote to memory of 2444	2628	Unicorn-1331.exe	34
PID 2628 wrote to memory of 2444	2628	Unicorn-1331.exe	34
PID 2628 wrote to memory of 2444	2628	Unicorn-1331.exe	34
PID 2628 wrote to memory of 2444	2628	Unicorn-1331.exe	34
PID 2668 wrote to memory of 436	2668	Unicorn-31420.exe	35
PID 2668 wrote to memory of 436	2668	Unicorn-31420.exe	35
PID 2668 wrote to memory of 436	2668	Unicorn-31420.exe	35
PID 2668 wrote to memory of 436	2668	Unicorn-31420.exe	35
PID 2480 wrote to memory of 1604	2480	Unicorn-53594.exe	36
PID 2480 wrote to memory of 1604	2480	Unicorn-53594.exe	36
PID 2480 wrote to memory of 1604	2480	Unicorn-53594.exe	36
PID 2480 wrote to memory of 1604	2480	Unicorn-53594.exe	36
PID 2728 wrote to memory of 2268	2728	Unicorn-16091.exe	37
PID 2728 wrote to memory of 2268	2728	Unicorn-16091.exe	37
PID 2728 wrote to memory of 2268	2728	Unicorn-16091.exe	37
PID 2728 wrote to memory of 2268	2728	Unicorn-16091.exe	37
PID 2624 wrote to memory of 2760	2624	Unicorn-56007.exe	38
PID 2624 wrote to memory of 2760	2624	Unicorn-56007.exe	38
PID 2624 wrote to memory of 2760	2624	Unicorn-56007.exe	38
PID 2624 wrote to memory of 2760	2624	Unicorn-56007.exe	38
PID 2444 wrote to memory of 1652	2444	Unicorn-7922.exe	39
PID 2444 wrote to memory of 1652	2444	Unicorn-7922.exe	39
PID 2444 wrote to memory of 1652	2444	Unicorn-7922.exe	39
PID 2444 wrote to memory of 1652	2444	Unicorn-7922.exe	39
PID 2628 wrote to memory of 1052	2628	Unicorn-1331.exe	40
PID 2628 wrote to memory of 1052	2628	Unicorn-1331.exe	40
PID 2628 wrote to memory of 1052	2628	Unicorn-1331.exe	40
PID 2628 wrote to memory of 1052	2628	Unicorn-1331.exe	40
PID 2624 wrote to memory of 1996	2624	Unicorn-56007.exe	41
PID 2624 wrote to memory of 1996	2624	Unicorn-56007.exe	41
PID 2624 wrote to memory of 1996	2624	Unicorn-56007.exe	41
PID 2624 wrote to memory of 1996	2624	Unicorn-56007.exe	41
PID 2628 wrote to memory of 768	2628	Unicorn-1331.exe	42
PID 2628 wrote to memory of 768	2628	Unicorn-1331.exe	42
PID 2628 wrote to memory of 768	2628	Unicorn-1331.exe	42
PID 2628 wrote to memory of 768	2628	Unicorn-1331.exe	42
PID 1652 wrote to memory of 2716	1652	Unicorn-35224.exe	43
PID 1652 wrote to memory of 2716	1652	Unicorn-35224.exe	43
PID 1652 wrote to memory of 2716	1652	Unicorn-35224.exe	43
PID 1652 wrote to memory of 2716	1652	Unicorn-35224.exe	43

C:\Users\Admin\AppData\Local\Temp\589b74f930150e16c7fdb8a7754254d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\589b74f930150e16c7fdb8a7754254d0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31420.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31420.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56007.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56007.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16091.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43392.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29661.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2909.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37850.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16034.exe
        9⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34503.exe
        10⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
        11⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56156.exe
        12⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58398.exe
        13⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 216
        13⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 216
        12⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 236
        11⤵
        
        PID:5972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 236
        10⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 216
        9⤵
        Program crash
        
        PID:3204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 236
        8⤵
        Program crash
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19267.exe
        8⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31275.exe
        9⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65286.exe
        10⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47225.exe
        11⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36068.exe
        12⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25337.exe
        13⤵
        
        PID:8964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 236
        12⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
        11⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 236
        10⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 236
        9⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 236
        8⤵
        Program crash
        
        PID:3468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
        7⤵
        Program crash
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19499.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33766.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44539.exe
        8⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9422.exe
        9⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26906.exe
        10⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32700.exe
        11⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65035.exe
        12⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 216
        12⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 236
        11⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
        10⤵
        
        PID:5752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 236
        9⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 236
        8⤵
        Program crash
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
        7⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        8⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12707.exe
        9⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5263.exe
        10⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12373.exe
        11⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 236
        11⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 216
        10⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 236
        9⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 216
        8⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
        7⤵
        Program crash
        
        PID:3696
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
        6⤵
        Program crash
        
        PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36437.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51233.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26584.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11674.exe
        8⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56786.exe
        9⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33237.exe
        10⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2248.exe
        11⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1164.exe
        12⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 236
        12⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
        11⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
        10⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 236
        9⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 236
        8⤵
        Program crash
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49178.exe
        7⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28478.exe
        8⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50320.exe
        9⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50424.exe
        10⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19592.exe
        11⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43048.exe
        12⤵
        
        PID:4128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 236
        12⤵
        
        PID:9004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 216
        11⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 236
        10⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 216
        9⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 236
        8⤵
        Program crash
        
        PID:3384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 240
        7⤵
        Program crash
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2634.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60299.exe
        7⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26147.exe
        8⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18032.exe
        9⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6685.exe
        10⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33655.exe
        11⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19120.exe
        12⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7760 -s 236
        12⤵
        
        PID:4092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 216
        11⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
        10⤵
        
        PID:7116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 236
        9⤵
        
        PID:5768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 236
        8⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 236
        7⤵
        Program crash
        
        PID:1752
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
        6⤵
        Program crash
        
        PID:1088
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19442.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6526.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49287.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49334.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30943.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60382.exe
        9⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        10⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41104.exe
        11⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60110.exe
        12⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2788.exe
        13⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 216
        13⤵
        
        PID:9156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
        12⤵
        
        PID:7332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 236
        11⤵
        
        PID:5948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 236
        10⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 236
        9⤵
        Program crash
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61513.exe
        8⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57061.exe
        9⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33128.exe
        10⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19462.exe
        11⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22140.exe
        12⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 216
        12⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
        11⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
        10⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 236
        9⤵
        
        PID:4616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
        8⤵
        Program crash
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2717.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25292.exe
        8⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        9⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39690.exe
        10⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5803.exe
        11⤵
        
        PID:8720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 216
        11⤵
        
        PID:9212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 236
        10⤵
        
        PID:7384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 236
        9⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 236
        8⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 240
        7⤵
        Program crash
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55919.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22583.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34975.exe
        8⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        9⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52645.exe
        10⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12274.exe
        11⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54314.exe
        12⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 236
        12⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
        11⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
        10⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 236
        9⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 236
        8⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 236
        7⤵
        Program crash
        
        PID:2392
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
        6⤵
        Program crash
        
        PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60148.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60107.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3973.exe
        8⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41960.exe
        9⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 224
        10⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 216
        9⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 236
        8⤵
        Program crash
        
        PID:3272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 236
        7⤵
        Program crash
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46464.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23922.exe
        7⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19641.exe
        8⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        9⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43001.exe
        10⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4257.exe
        11⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 216
        10⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
        9⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 236
        8⤵
        
        PID:5812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 216
        7⤵
        
        PID:4748
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 240
        6⤵
        Program crash
        
        PID:3552
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
        5⤵
        Program crash
        
        PID:2688
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53594.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53594.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47476.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48135.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5924.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49718.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60491.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4056.exe
        9⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44482.exe
        10⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        11⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30230.exe
        12⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53349.exe
        13⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 236
        12⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 216
        11⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
        10⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 216
        9⤵
        
        PID:3244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 236
        8⤵
        Program crash
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46848.exe
        7⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65509.exe
        8⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21732.exe
        9⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44861.exe
        10⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16359.exe
        11⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33126.exe
        12⤵
        
        PID:8360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 236
        12⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 216
        11⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 236
        10⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 236
        9⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 236
        8⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
        7⤵
        Program crash
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48135.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30616.exe
        8⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20964.exe
        9⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31047.exe
        10⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-790.exe
        11⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32379.exe
        12⤵
        
        PID:2664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 216
        12⤵
        
        PID:9196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 216
        11⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
        10⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 216
        9⤵
        
        PID:4504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 236
        8⤵
        Program crash
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59759.exe
        7⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        8⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28416.exe
        9⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31517.exe
        10⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59576.exe
        11⤵
        
        PID:8480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 216
        11⤵
        
        PID:8968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 216
        10⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
        9⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 216
        8⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 220
        7⤵
        Program crash
        
        PID:3352
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
        6⤵
        Program crash
        
        PID:700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39343.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48431.exe
        7⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30424.exe
        8⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25733.exe
        9⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50232.exe
        10⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11807.exe
        11⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24211.exe
        12⤵
        
        PID:4076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 216
        12⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 236
        11⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 236
        10⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 216
        9⤵
        
        PID:4880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 216
        8⤵
        Program crash
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23386.exe
        7⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27570.exe
        8⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62375.exe
        9⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26774.exe
        10⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11034.exe
        11⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6364 -s 220
        11⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 216
        10⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 236
        9⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 216
        8⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 240
        7⤵
        Program crash
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20397.exe
        6⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30424.exe
        7⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56350.exe
        8⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23756.exe
        9⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29187.exe
        10⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4449.exe
        11⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 236
        10⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        9⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 216
        8⤵
        
        PID:5220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 236
        7⤵
        Program crash
        
        PID:3452
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
        6⤵
        Program crash
        
        PID:1356
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
        5⤵
        Program crash
        
        PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24185.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-470.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8493.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45909.exe
        7⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58026.exe
        8⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15894.exe
        9⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46348.exe
        10⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62518.exe
        11⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33313.exe
        12⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 216
        11⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 236
        10⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
        9⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 236
        8⤵
        
        PID:3132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 236
        7⤵
        Program crash
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48602.exe
        6⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
        7⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53465.exe
        8⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14417.exe
        9⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59581.exe
        10⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 236
        10⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 216
        9⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 236
        8⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 468 -s 236
        7⤵
        
        PID:4864
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 240
        6⤵
        Program crash
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37828.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13620.exe
        6⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11949.exe
        7⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58296.exe
        8⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65089.exe
        9⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14521.exe
        10⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33749.exe
        11⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 216
        11⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 236
        10⤵
        
        PID:7952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 216
        9⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 236
        8⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 216
        7⤵
        Program crash
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27470.exe
        6⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17264.exe
        7⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28860.exe
        8⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56405.exe
        9⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62996.exe
        10⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 216
        9⤵
        
        PID:8220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
        8⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 216
        7⤵
        
        PID:5372
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
        6⤵
        Program crash
        
        PID:3588
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 240
        5⤵
        Program crash
        
        PID:1564
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:440
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:436
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7922.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7922.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35224.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31031.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39220.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56791.exe
        8⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29137.exe
        9⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46620.exe
        10⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18746.exe
        11⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
        12⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
        13⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 216
        12⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
        11⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
        10⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 236
        9⤵
        
        PID:3252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 236
        8⤵
        Program crash
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24673.exe
        7⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9531.exe
        8⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        9⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49420.exe
        10⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        11⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 216
        11⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
        10⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        9⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 216
        8⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
        7⤵
        Program crash
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37828.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        7⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62624.exe
        8⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36937.exe
        9⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32508.exe
        10⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36831.exe
        11⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 216
        11⤵
        
        PID:9048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
        10⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
        9⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 216
        8⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 236
        7⤵
        Program crash
        
        PID:3760
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
        6⤵
        Program crash
        
        PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32820.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53610.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        7⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26527.exe
        8⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16216.exe
        9⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2357.exe
        10⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26909.exe
        11⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 216
        11⤵
        
        PID:9100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 236
        10⤵
        
        PID:7208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
        9⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 216
        8⤵
        
        PID:4628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 216
        7⤵
        Program crash
        
        PID:3748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30703.exe
        6⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32858.exe
        7⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3963.exe
        8⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4578.exe
        9⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18980.exe
        10⤵
        
        PID:8816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 216
        10⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 236
        9⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
        8⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 236
        7⤵
        
        PID:4252
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 240
        6⤵
        Program crash
        
        PID:3776
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
        5⤵
        Program crash
        
        PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7081.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16423.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12193.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31519.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55914.exe
        8⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31384.exe
        9⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3065.exe
        10⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4163.exe
        11⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64765.exe
        12⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2887.exe
        13⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
        12⤵
        
        PID:8012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
        11⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
        10⤵
        
        PID:4324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 216
        9⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26785.exe
        8⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7533.exe
        9⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65364.exe
        10⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31517.exe
        11⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50744.exe
        12⤵
        
        PID:4724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 236
        11⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
        10⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 236
        9⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
        8⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16204.exe
        7⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34783.exe
        8⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46620.exe
        9⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3636.exe
        10⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        11⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-536.exe
        12⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 216
        12⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 236
        11⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
        10⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
        9⤵
        
        PID:5436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 216
        8⤵
        
        PID:3920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
        7⤵
        Program crash
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48410.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64658.exe
        7⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36750.exe
        8⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14269.exe
        9⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29275.exe
        10⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57246.exe
        11⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 236
        11⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 216
        10⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
        9⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 236
        8⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 236
        7⤵
        Program crash
        
        PID:3964
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 240
        6⤵
        Program crash
        
        PID:308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23054.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19542.exe
        6⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56319.exe
        7⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36506.exe
        8⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26989.exe
        9⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40972.exe
        10⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29665.exe
        11⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 216
        11⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 236
        10⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 236
        9⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
        8⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 236
        7⤵
        
        PID:4212
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 236
        6⤵
        Program crash
        
        PID:3520
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
        5⤵
        Program crash
        
        PID:2752
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29556.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29556.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56303.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18369.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45634.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64767.exe
        7⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10963.exe
        8⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44482.exe
        9⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17376.exe
        10⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40645.exe
        11⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44631.exe
        12⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7988 -s 216
        12⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 216
        11⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
        10⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 216
        9⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 236
        8⤵
        Program crash
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1404.exe
        7⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57528.exe
        8⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58592.exe
        9⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40588.exe
        10⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53437.exe
        11⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 216
        11⤵
        
        PID:8768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
        10⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
        9⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 216
        8⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
        7⤵
        
        PID:4024
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 236
        6⤵
        Program crash
        
        PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40158.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11290.exe
        6⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41114.exe
        7⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-543.exe
        8⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 240
        9⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 236
        8⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 236
        7⤵
        Program crash
        
        PID:3704
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 236
        6⤵
        Program crash
        
        PID:1568
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
        5⤵
        Program crash
        
        PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39412.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29054.exe
        7⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64326.exe
        8⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22638.exe
        9⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37163.exe
        10⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-728.exe
        11⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 236
        11⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 216
        10⤵
        
        PID:8136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
        9⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 216
        8⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 236
        7⤵
        Program crash
        
        PID:3484
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 236
        6⤵
        Program crash
        
        PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5815.exe
        5⤵
        Executes dropped EXE
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20585.exe
        6⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56158.exe
        7⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52370.exe
        8⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22114.exe
        9⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63935.exe
        10⤵
        
        PID:8844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 216
        10⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 236
        9⤵
        
        PID:7536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 236
        8⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
        7⤵
        
        PID:4412
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
        6⤵
        
        PID:3996
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
        5⤵
        Program crash
        
        PID:2116
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 240
      4⤵
      Program crash
      PID:2676
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:768
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
  2⤵
  - Program crash
  PID:2096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17376.exe

Filesize
184KB

MD5
ad2079d9ecc3eaf1372ac260832c50c3

SHA1
13885e884b2fa4bae340bc2dba1778792f628248

SHA256
aa5c157a56ae7568c2ffa8d8c91288228e97dcf331329f7c8afe6f80da9bca0b

SHA512
7c5e192b82e9db57e110d6b2b8a0994ff4bec3f2df26e5d5bb06e1249518468405df5d5aeac2e82058b9f469f45c0e51981b231f370e6cc458b57217d5c00d6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19442.exe

Filesize
184KB

MD5
619dd1783b50e03c421cd30e2865fdd7

SHA1
9a663f3f2bf68f363e0adcd7eb74f65830cf0cfa

SHA256
03ea3c4348bb506c8edcc8a74e166812a3912a6edb0b9e006cac763c19942ef1

SHA512
e4114da139642897d2efa02ebab151ebc89e7a977b50784c1bf75ec0fca67f463271bbe1830aca4252c598e231360b34c25797d0fe29b97cfba9fb59269f078a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26785.exe

Filesize
184KB

MD5
3e9d2bd90c36c882639777318fa2b5be

SHA1
8c7a823b272ef0e2ab9fae72a1aaf0e58fb77647

SHA256
e4ffa04e4fb257f391360d503b762b47f960fa451f7f643206665e1a3b612be1

SHA512
d26960baa9b865aa4d21fafab1533f9db08fe494c519a07d294209707b5836cf76d736e988a5c6979b99863d63ef6bccccefccaab06d11349cca3512b11f4c34

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40158.exe

Filesize
184KB

MD5
0dff95e58434e3a672d15e38d38b6cc3

SHA1
ffbd205a48c4ac1f5ab7753f793d2db2c26d20d9

SHA256
5d6772aefd62a13db2c87117b039b18c37a5d89af475afdee51dcf393b20ac7f

SHA512
8ff5f9482e1174101480be9598b778d0471e765b75f5b8fb877c29d6b8a2cabc47cc5d72da5ffcd3fb4ba2b5b093b1e91f6528404b41f8214370dafa433f4815

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41114.exe

Filesize
184KB

MD5
07ce6c159485974cfa98b46588ec6347

SHA1
d511ce1d4c1573e97328852053b91b4f8418dd78

SHA256
155751644043a74765e13d4dc95a727fc6a6eebd5ec200b54ba002cf58a67f91

SHA512
5eb2cb28fd60d47deccec4aaa416724c9d7fc6e3d4a6e5966af2256e31a8212b3ba73f96907bf32abb6f38c94f93037524f4312ad8ecb7af645b895ca352bea2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44631.exe

Filesize
184KB

MD5
43bbd5d3225dab664bf92b3249871369

SHA1
f2ceda59bfdd92a0743adf52c34944e6f5310224

SHA256
6f00b7dc89193c686ae9b425507fa4043659883bab94437e14ee1d2e3764655b

SHA512
bdb2f3e8b911ec9afb7513e16a69e5d99a7eb412eab244577da2cc20a5c59d4846699203e883327a76c55d26a9cd89d21629f441e5744dfef0669e4caabf54ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44861.exe

Filesize
184KB

MD5
6bca19dc647085b2ac606cf4b3633da9

SHA1
0939317f5b65ab87c95ca884dcc745dfa04588c6

SHA256
d58604dd8f9acfcdd21d4bfef78cb8a15fa07eda887ba089582798494ce2c723

SHA512
bcddbc39c73e552c0ff822510bebb99d45c96a9d62887629e2147e4957edc50c60393e08194f086665ee9b2e8f85517f607d6da64434296c125d8bfceafe0c74

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5924.exe

Filesize
184KB

MD5
e8075fe465a65bf46e41a3f8ba2da496

SHA1
38f16f4781d032e4b72a249fda3791df5d6e2903

SHA256
2907cd2604125d6c2fd09717567db03dd0ea0a2f927a684fd7fe4153dafb73be

SHA512
3641179351c4b95dd75196a5a7f658ea8ef70302076ff9432da6f5b64ea5769973d3c8cb837a78a901820573a51ab01893dc793d0fea89ca61f49a4b9fb501a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6526.exe

Filesize
184KB

MD5
df35d75b3e51c80ab2c7b5245e6f3c37

SHA1
6a19887aa8c1f2502478af36421f6d220e3b248f

SHA256
af4d106d62529ccbe93a275153b0bbb4458bd655eee9aa8d9d33bc2c997f6a14

SHA512
6276522320f35628a505407ba3430a99d45482d501dbf6830d18f2c16bb07dea097088cd4574ca3c9ce28ee547701819838c53e8d5f8bd438d50cb73ed2a2523

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7922.exe

Filesize
184KB

MD5
fd9c1fa4931f34797f99ed7623628699

SHA1
73ccbb1966f5668f08895bb0c1f212ef07c06a09

SHA256
dfaee225cd6de0f4430937e75a15132f7cf5f7d4a590e796ac2f1759953593f0

SHA512
2b48c59dd0618d5a8a8dd18aa880dbaab6eb84ec0b73f9d6d26c82d1552a050cdd0f28a8b317145b4f6c419beb318a9f7bee0a9c4c6e2d0534b712f1b0c984c8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe

Filesize
184KB

MD5
bc376f57623d67382a14dad9c15da8ca

SHA1
f9e1f33a21bad9bc53738d29b56b9513070fc382

SHA256
935c9eb567eac10eae2ddcbb7a182695e6013da88d0ade9ba644642411a693ad

SHA512
62fc392b522d1dd6b1b6bf8dbeeac6909cbe63d8e8b41de834fa5400869e245e808b76526e2f18c2e67f338e426eca6ebf11bc969de8d840521f09f76380f1be

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16091.exe

Filesize
184KB

MD5
29e77336c6a5fa52a394a3431e3cccb3

SHA1
21d338677ded84c0f4f25daab4b3d23438c6ad78

SHA256
70e6612291365fea704aa0aaf0f93fda5b907c9e821622b6579472c904b12dd2

SHA512
50dcb7c94e778134e62b9e4de817d9e65564dd0b224629df6c09c05303778b69fed5218b987a67caa7f59461e77b896e4f8c01b0ccdbf2baaa425a733832840e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29556.exe

Filesize
184KB

MD5
110d64346962389071b3abde46698268

SHA1
46a0a14d898b55919f65118f917d73bd32edb213

SHA256
baf7d4963d9c079650896b18596ac966a40a7391705a2b265327faa209fe359c

SHA512
9dc2e95258a224374bf9b7548b92871ef460de40e181ebfa460392e963985cb9bd866c7b602fff5c0ba8089193dfdf8cad6b1c7300288ba856341df1d2c4b689

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31031.exe

Filesize
184KB

MD5
bc00ee997cf075438631c8f3dc5eaa1d

SHA1
32aa3e89f9d1e2f9506b85f32e08c8cb7eaa4d2d

SHA256
69f711bc8bb204906e173458a35784cbfdcd0e415aaa0a1fe2ccd96764e81cb2

SHA512
38ef7834c6b436b774468da0411157f7a65d677176222082642f56f741212de19734cdb1052b86c3757016bc6497ae516261fde5eceeb73361441d42054b094f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31420.exe

Filesize
184KB

MD5
624c7ae42dbabd8d8ce528c4d45f5122

SHA1
6c0dc65d141ee5f280c3f683ee5f1b54759c3088

SHA256
a56c1c05e4d5eeeea3fecbe5066895a4c21dccd336bfb0add2124bf3373cba4d

SHA512
2eb99d617ebe17377cf508b556600dba24c59c4f31abd716e80a80e4ce61646c2c8e8267d63b436ba27e52c05827b0adfe5ab992e9a81ea00b2b2341205288e7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35224.exe

Filesize
184KB

MD5
294254fab78cddfeb5c1c911b5e41871

SHA1
bc84ef6360b4ca902b25766ba1a77b5b3c290008

SHA256
1271e2c2e19ef467c2103bd00e04bb371e134e31f883d8d4b4cb274dd8f34b79

SHA512
eb2093cc9b407cc886ed523fe61544338d1b5624352923992ca515d89e325a78e5847679cf3a32daf5fd61bdd25e124763e7953afa59e2cc4f1426f9cba752cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43392.exe

Filesize
184KB

MD5
00f21f344824bff6c60f138f940e9b10

SHA1
3bd9a5d1699a2fc36c665fa1da0895102f13b51c

SHA256
b2680424b08f11caae649b5d3825875cbb620bb2eff820357dc8a673865a1a27

SHA512
ee78d36def477bd1957a35fa1fdbd81fe75171bbed61fbc90246f1617bd15e45596f8785a70f99b4e730224cc0b84836c6142fc75f4bb8300a1783c52da555d3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47476.exe

Filesize
184KB

MD5
e1605fd9b28cd2326b95423c59069e2a

SHA1
4ccfffbbbc40da0e49092310950a66778de198d8

SHA256
2b5fb3722004cd5c180c668376ede03bd4461b6eb55d2dc6b8a33b1a06c03582

SHA512
9ffa1c585b5e50b050fd9db04298f552f03d6bbe4974b01c22a0a6c10939e0a3369777127a886a17f3b179151543ab2d46622f71a1cbd734700e12bc3bae4e9c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53594.exe

Filesize
184KB

MD5
422a0a88b300c43c8c8f25b433687325

SHA1
cbd1d8743f38e728326f41a937a559377b54c4e6

SHA256
b571fa34b27707465238cf51330108d6c115b2f2b81a7d311861514e4b611003

SHA512
27ed1df5ab34f599a47e6870d28661bcadcaef4a1f751ebdeb606ba561b4af5aeb057778cd3c9af276651ed47cbc02c0cc829852031d7fb8179dc05bd88be1f1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56007.exe

Filesize
184KB

MD5
7074560121f6371a5ca2f69de354d599

SHA1
0a16db936a42a491d91dd9e214f4e2639c6ca03c

SHA256
1c507b21e8c55c2ceab959a7964c10a6b27b6efa87c50a51fffb24a688d79c55

SHA512
dd8e72dc2accd467a1397847dff7a6d29768a6c51c4d6bdea60933ba903e48d2120e241824c91e03ed9e24178421f9a72c80212e474164544cbffc6dd4532099

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7081.exe

Filesize
184KB

MD5
8a21fa1c828c8eda8d6b0fef23188a79

SHA1
94e057e4e4310fbf944165efc702615a5b9bf3eb

SHA256
652bf917225f87fbc3d122fc69bb73c3ee9ced124ac7fa342f354717e875f9dc

SHA512
b98b4e48c99e27d1f2702ade458843bf6f83d1ebfa73bf746cb1489d96175e8acd2c86110c486f2664bceb9c3b4211744399f44ea2a7379a50d5eb6aeeaec6ab

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads