a32097f6e9d882345d0a488a35e3b79863245ab2815aecf9a0ad15918d9f853e

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 20:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

62856ab00fd14f14ca38d2cb3c4a1bc0_NeikiAnalytics.exe
Size

184KB
MD5

62856ab00fd14f14ca38d2cb3c4a1bc0
SHA1

b178678798f65a387aae1daecfbb09099e92e7da
SHA256

a32097f6e9d882345d0a488a35e3b79863245ab2815aecf9a0ad15918d9f853e
SHA512

2271440d425ee263342f530d5d94bf963f51bc23560249578ed325df9157d0d20db67b8a18258d7c8fb4711d04a4655abc35cb5cbd87604c4a75f9ae0ef77dd3
SSDEEP

3072:xHO3Y9ofERqkdaate8wL8ti9hlnViF3n3:xHroHgaayLEi9hlnViF3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2480	Unicorn-40719.exe
2536	Unicorn-54678.exe
2992	Unicorn-13090.exe
2628	Unicorn-41762.exe
2532	Unicorn-19972.exe
2440	Unicorn-34916.exe
584	Unicorn-62997.exe
880	Unicorn-153.exe
1856	Unicorn-50745.exe
1060	Unicorn-32271.exe
2380	Unicorn-20573.exe
1808	Unicorn-57927.exe
2336	Unicorn-49759.exe
1616	Unicorn-36992.exe
2904	Unicorn-10672.exe
2432	Unicorn-13365.exe
2932	Unicorn-27777.exe
2960	Unicorn-49266.exe
1704	Unicorn-21232.exe
2756	Unicorn-58565.exe
368	Unicorn-43620.exe
900	Unicorn-8809.exe
2132	Unicorn-50397.exe
2264	Unicorn-51788.exe
2164	Unicorn-1217.exe
2952	Unicorn-7994.exe
1564	Unicorn-27860.exe
1912	Unicorn-9385.exe
1604	Unicorn-14024.exe
2096	Unicorn-52364.exe
3012	Unicorn-11331.exe
3068	Unicorn-52919.exe
1992	Unicorn-56723.exe
2584	Unicorn-6131.exe
2112	Unicorn-52639.exe
840	Unicorn-57278.exe
628	Unicorn-22467.exe
956	Unicorn-1300.exe
1800	Unicorn-23859.exe
1412	Unicorn-5384.exe
2324	Unicorn-29889.exe
2660	Unicorn-10023.exe
1560	Unicorn-32581.exe
1540	Unicorn-31835.exe
2004	Unicorn-27751.exe
876	Unicorn-19583.exe
240	Unicorn-17445.exe
2080	Unicorn-59032.exe
2752	Unicorn-20137.exe
2064	Unicorn-34549.exe
432	Unicorn-31019.exe
3032	Unicorn-26381.exe
1608	Unicorn-34440.exe
2716	Unicorn-22188.exe
2980	Unicorn-57553.exe
2612	Unicorn-2307.exe
2516	Unicorn-9084.exe
2416	Unicorn-22728.exe
568	Unicorn-14559.exe
2444	Unicorn-60231.exe
2316	Unicorn-34980.exe
1968	Unicorn-26812.exe
1088	Unicorn-169.exe
2308	Unicorn-4808.exe

Loads dropped DLL 64 IoCs

pid	Process
1740	62856ab00fd14f14ca38d2cb3c4a1bc0_NeikiAnalytics.exe
1740	62856ab00fd14f14ca38d2cb3c4a1bc0_NeikiAnalytics.exe
1740	62856ab00fd14f14ca38d2cb3c4a1bc0_NeikiAnalytics.exe
2480	Unicorn-40719.exe
1740	62856ab00fd14f14ca38d2cb3c4a1bc0_NeikiAnalytics.exe
2480	Unicorn-40719.exe
2536	Unicorn-54678.exe
2536	Unicorn-54678.exe
2992	Unicorn-13090.exe
2480	Unicorn-40719.exe
2992	Unicorn-13090.exe
2480	Unicorn-40719.exe
2988	WerFault.exe
2988	WerFault.exe
2988	WerFault.exe
2988	WerFault.exe
2988	WerFault.exe
2532	Unicorn-19972.exe
2532	Unicorn-19972.exe
2992	Unicorn-13090.exe
2992	Unicorn-13090.exe
2628	Unicorn-41762.exe
2628	Unicorn-41762.exe
2440	Unicorn-34916.exe
2536	Unicorn-54678.exe
2536	Unicorn-54678.exe
2440	Unicorn-34916.exe
1204	WerFault.exe
1204	WerFault.exe
1204	WerFault.exe
1204	WerFault.exe
1204	WerFault.exe
1964	WerFault.exe
1964	WerFault.exe
1964	WerFault.exe
1964	WerFault.exe
1964	WerFault.exe
584	Unicorn-62997.exe
584	Unicorn-62997.exe
880	Unicorn-153.exe
880	Unicorn-153.exe
2532	Unicorn-19972.exe
2532	Unicorn-19972.exe
1060	Unicorn-32271.exe
1060	Unicorn-32271.exe
2440	Unicorn-34916.exe
2440	Unicorn-34916.exe
2380	Unicorn-20573.exe
2380	Unicorn-20573.exe
1856	Unicorn-50745.exe
1856	Unicorn-50745.exe
2628	Unicorn-41762.exe
2628	Unicorn-41762.exe
1296	WerFault.exe
1296	WerFault.exe
1296	WerFault.exe
1296	WerFault.exe
1296	WerFault.exe
3048	WerFault.exe
3048	WerFault.exe
3048	WerFault.exe
3048	WerFault.exe
3048	WerFault.exe
1588	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2528	1740	WerFault.exe	27
2988	2480	WerFault.exe	28
1204	2536	WerFault.exe	29
1964	2992	WerFault.exe	30
1296	2532	WerFault.exe	33
3048	2628	WerFault.exe	32
1588	2440	WerFault.exe	34
2600	584	WerFault.exe	36
2680	880	WerFault.exe	37
2732	1060	WerFault.exe	39
2708	2380	WerFault.exe	40
2644	1856	WerFault.exe	38
1304	2336	WerFault.exe	44
2344	1560	WerFault.exe	84
908	1616	WerFault.exe	45
2352	1808	WerFault.exe	43
1708	2904	WerFault.exe	46
2160	2932	WerFault.exe	49
888	1704	WerFault.exe	50
1224	2960	WerFault.exe	48
2188	2096	WerFault.exe	66
1664	900	WerFault.exe	58
596	2756	WerFault.exe	56
2224	368	WerFault.exe	57
2428	2264	WerFault.exe	60
2468	1604	WerFault.exe	65
2320	2132	WerFault.exe	59
2028	840	WerFault.exe	77
1844	1992	WerFault.exe	74
3008	876	WerFault.exe	87
2560	1412	WerFault.exe	81
2340	956	WerFault.exe	79
936	2432	WerFault.exe	47
2496	240	WerFault.exe	88
1496	1540	WerFault.exe	85
3376	432	WerFault.exe	93
3648	1912	WerFault.exe	64
3672	2004	WerFault.exe	86
3704	2584	WerFault.exe	75
3760	628	WerFault.exe	78
3776	3012	WerFault.exe	67
3784	2660	WerFault.exe	83
3792	3068	WerFault.exe	68
3824	2952	WerFault.exe	62
3832	2232	WerFault.exe	128
3840	1564	WerFault.exe	63
3884	3032	WerFault.exe	92
3344	2084	WerFault.exe	135
3408	2516	WerFault.exe	106
3472	2332	WerFault.exe	114
3480	568	WerFault.exe	108
3500	2308	WerFault.exe	113
3560	2296	WerFault.exe	119
3260	1104	WerFault.exe	121
3588	2696	WerFault.exe	129
3720	2112	WerFault.exe	76
3680	2752	WerFault.exe	90
3724	1088	WerFault.exe	111
3744	2324	WerFault.exe	82
3768	1968	WerFault.exe	112
3800	1396	WerFault.exe	127
3848	2064	WerFault.exe	91
3992	2080	WerFault.exe	89
4092	2300	WerFault.exe	124

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1740	62856ab00fd14f14ca38d2cb3c4a1bc0_NeikiAnalytics.exe
2480	Unicorn-40719.exe
2536	Unicorn-54678.exe
2992	Unicorn-13090.exe
2628	Unicorn-41762.exe
2532	Unicorn-19972.exe
2440	Unicorn-34916.exe
584	Unicorn-62997.exe
880	Unicorn-153.exe
1060	Unicorn-32271.exe
1856	Unicorn-50745.exe
2380	Unicorn-20573.exe
2336	Unicorn-49759.exe
1808	Unicorn-57927.exe
1616	Unicorn-36992.exe
2904	Unicorn-10672.exe
2432	Unicorn-13365.exe
2932	Unicorn-27777.exe
1704	Unicorn-21232.exe
2960	Unicorn-49266.exe
2756	Unicorn-58565.exe
900	Unicorn-8809.exe
368	Unicorn-43620.exe
2132	Unicorn-50397.exe
2264	Unicorn-51788.exe
2952	Unicorn-7994.exe
1564	Unicorn-27860.exe
1912	Unicorn-9385.exe
1604	Unicorn-14024.exe
2096	Unicorn-52364.exe
3012	Unicorn-11331.exe
3068	Unicorn-52919.exe
2584	Unicorn-6131.exe
1992	Unicorn-56723.exe
840	Unicorn-57278.exe
2112	Unicorn-52639.exe
628	Unicorn-22467.exe
956	Unicorn-1300.exe
1800	Unicorn-23859.exe
1412	Unicorn-5384.exe
2660	Unicorn-10023.exe
2324	Unicorn-29889.exe
2004	Unicorn-27751.exe
240	Unicorn-17445.exe
1540	Unicorn-31835.exe
876	Unicorn-19583.exe
1560	Unicorn-32581.exe
2080	Unicorn-59032.exe
2064	Unicorn-34549.exe
2752	Unicorn-20137.exe
432	Unicorn-31019.exe
3032	Unicorn-26381.exe
1608	Unicorn-34440.exe
2716	Unicorn-22188.exe
2980	Unicorn-57553.exe
2612	Unicorn-2307.exe
2516	Unicorn-9084.exe
2416	Unicorn-22728.exe
2444	Unicorn-60231.exe
1088	Unicorn-169.exe
568	Unicorn-14559.exe
2308	Unicorn-4808.exe
1968	Unicorn-26812.exe
2316	Unicorn-34980.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 2480	1740	62856ab00fd14f14ca38d2cb3c4a1bc0_NeikiAnalytics.exe	28
PID 1740 wrote to memory of 2480	1740	62856ab00fd14f14ca38d2cb3c4a1bc0_NeikiAnalytics.exe	28
PID 1740 wrote to memory of 2480	1740	62856ab00fd14f14ca38d2cb3c4a1bc0_NeikiAnalytics.exe	28
PID 1740 wrote to memory of 2480	1740	62856ab00fd14f14ca38d2cb3c4a1bc0_NeikiAnalytics.exe	28
PID 1740 wrote to memory of 2536	1740	62856ab00fd14f14ca38d2cb3c4a1bc0_NeikiAnalytics.exe	29
PID 1740 wrote to memory of 2536	1740	62856ab00fd14f14ca38d2cb3c4a1bc0_NeikiAnalytics.exe	29
PID 1740 wrote to memory of 2536	1740	62856ab00fd14f14ca38d2cb3c4a1bc0_NeikiAnalytics.exe	29
PID 1740 wrote to memory of 2536	1740	62856ab00fd14f14ca38d2cb3c4a1bc0_NeikiAnalytics.exe	29
PID 2480 wrote to memory of 2992	2480	Unicorn-40719.exe	30
PID 2480 wrote to memory of 2992	2480	Unicorn-40719.exe	30
PID 2480 wrote to memory of 2992	2480	Unicorn-40719.exe	30
PID 2480 wrote to memory of 2992	2480	Unicorn-40719.exe	30
PID 1740 wrote to memory of 2528	1740	62856ab00fd14f14ca38d2cb3c4a1bc0_NeikiAnalytics.exe	31
PID 1740 wrote to memory of 2528	1740	62856ab00fd14f14ca38d2cb3c4a1bc0_NeikiAnalytics.exe	31
PID 1740 wrote to memory of 2528	1740	62856ab00fd14f14ca38d2cb3c4a1bc0_NeikiAnalytics.exe	31
PID 1740 wrote to memory of 2528	1740	62856ab00fd14f14ca38d2cb3c4a1bc0_NeikiAnalytics.exe	31
PID 2536 wrote to memory of 2628	2536	Unicorn-54678.exe	32
PID 2536 wrote to memory of 2628	2536	Unicorn-54678.exe	32
PID 2536 wrote to memory of 2628	2536	Unicorn-54678.exe	32
PID 2536 wrote to memory of 2628	2536	Unicorn-54678.exe	32
PID 2992 wrote to memory of 2532	2992	Unicorn-13090.exe	33
PID 2992 wrote to memory of 2532	2992	Unicorn-13090.exe	33
PID 2992 wrote to memory of 2532	2992	Unicorn-13090.exe	33
PID 2992 wrote to memory of 2532	2992	Unicorn-13090.exe	33
PID 2480 wrote to memory of 2440	2480	Unicorn-40719.exe	34
PID 2480 wrote to memory of 2440	2480	Unicorn-40719.exe	34
PID 2480 wrote to memory of 2440	2480	Unicorn-40719.exe	34
PID 2480 wrote to memory of 2440	2480	Unicorn-40719.exe	34
PID 2480 wrote to memory of 2988	2480	Unicorn-40719.exe	35
PID 2480 wrote to memory of 2988	2480	Unicorn-40719.exe	35
PID 2480 wrote to memory of 2988	2480	Unicorn-40719.exe	35
PID 2480 wrote to memory of 2988	2480	Unicorn-40719.exe	35
PID 2532 wrote to memory of 584	2532	Unicorn-19972.exe	36
PID 2532 wrote to memory of 584	2532	Unicorn-19972.exe	36
PID 2532 wrote to memory of 584	2532	Unicorn-19972.exe	36
PID 2532 wrote to memory of 584	2532	Unicorn-19972.exe	36
PID 2992 wrote to memory of 880	2992	Unicorn-13090.exe	37
PID 2992 wrote to memory of 880	2992	Unicorn-13090.exe	37
PID 2992 wrote to memory of 880	2992	Unicorn-13090.exe	37
PID 2992 wrote to memory of 880	2992	Unicorn-13090.exe	37
PID 2628 wrote to memory of 1856	2628	Unicorn-41762.exe	38
PID 2628 wrote to memory of 1856	2628	Unicorn-41762.exe	38
PID 2628 wrote to memory of 1856	2628	Unicorn-41762.exe	38
PID 2628 wrote to memory of 1856	2628	Unicorn-41762.exe	38
PID 2536 wrote to memory of 2380	2536	Unicorn-54678.exe	40
PID 2536 wrote to memory of 2380	2536	Unicorn-54678.exe	40
PID 2536 wrote to memory of 2380	2536	Unicorn-54678.exe	40
PID 2536 wrote to memory of 2380	2536	Unicorn-54678.exe	40
PID 2440 wrote to memory of 1060	2440	Unicorn-34916.exe	39
PID 2440 wrote to memory of 1060	2440	Unicorn-34916.exe	39
PID 2440 wrote to memory of 1060	2440	Unicorn-34916.exe	39
PID 2440 wrote to memory of 1060	2440	Unicorn-34916.exe	39
PID 2536 wrote to memory of 1204	2536	Unicorn-54678.exe	41
PID 2536 wrote to memory of 1204	2536	Unicorn-54678.exe	41
PID 2536 wrote to memory of 1204	2536	Unicorn-54678.exe	41
PID 2536 wrote to memory of 1204	2536	Unicorn-54678.exe	41
PID 2992 wrote to memory of 1964	2992	Unicorn-13090.exe	42
PID 2992 wrote to memory of 1964	2992	Unicorn-13090.exe	42
PID 2992 wrote to memory of 1964	2992	Unicorn-13090.exe	42
PID 2992 wrote to memory of 1964	2992	Unicorn-13090.exe	42
PID 584 wrote to memory of 1808	584	Unicorn-62997.exe	43
PID 584 wrote to memory of 1808	584	Unicorn-62997.exe	43
PID 584 wrote to memory of 1808	584	Unicorn-62997.exe	43
PID 584 wrote to memory of 1808	584	Unicorn-62997.exe	43

C:\Users\Admin\AppData\Local\Temp\62856ab00fd14f14ca38d2cb3c4a1bc0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\62856ab00fd14f14ca38d2cb3c4a1bc0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40719.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40719.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19972.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62997.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57927.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8809.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56723.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2307.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13656.exe
        10⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25712.exe
        11⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        12⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55940.exe
        13⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 216
        13⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
        12⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 216
        11⤵
        
        PID:4448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
        10⤵
        
        PID:3248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 236
        9⤵
        Program crash
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9084.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1658.exe
        9⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26205.exe
        10⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        11⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59002.exe
        12⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54781.exe
        13⤵
        
        PID:8816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
        12⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
        11⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 236
        10⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 216
        9⤵
        Program crash
        
        PID:3408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 240
        8⤵
        Program crash
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6131.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51124.exe
        8⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50278.exe
        9⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8576.exe
        10⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21518.exe
        11⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59145.exe
        12⤵
        
        PID:8604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 216
        12⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 216
        11⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 236
        10⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 236
        9⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
        8⤵
        Program crash
        
        PID:3704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
        7⤵
        Program crash
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50397.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1300.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63568.exe
        8⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9956.exe
        9⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4497.exe
        10⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44897.exe
        11⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58675.exe
        12⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 216
        12⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
        11⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
        10⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 216
        9⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 236
        8⤵
        Program crash
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2670.exe
        7⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43205.exe
        8⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11129.exe
        9⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29656.exe
        10⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62510.exe
        11⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13208.exe
        12⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 216
        12⤵
        
        PID:6604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
        11⤵
        
        PID:7792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
        10⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 236
        9⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 236
        8⤵
        Program crash
        
        PID:3560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 240
        7⤵
        Program crash
        
        PID:2320
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 240
        6⤵
        Program crash
        
        PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36992.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51788.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5384.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47232.exe
        8⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34461.exe
        9⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10553.exe
        10⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19542.exe
        11⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44612.exe
        12⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41605.exe
        13⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 216
        12⤵
        
        PID:7916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
        11⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
        10⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 236
        9⤵
        Program crash
        
        PID:3472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 236
        8⤵
        Program crash
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21144.exe
        7⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46905.exe
        8⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        9⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44897.exe
        10⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19589.exe
        11⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
        11⤵
        
        PID:8880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
        10⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
        9⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
        8⤵
        
        PID:3100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
        7⤵
        Program crash
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10023.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18452.exe
        7⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6038.exe
        8⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
        9⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21239.exe
        10⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32970.exe
        11⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 216
        11⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 236
        10⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
        9⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 216
        8⤵
        
        PID:4152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 236
        7⤵
        Program crash
        
        PID:3784
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
        6⤵
        Program crash
        
        PID:908
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-153.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49759.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52639.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-169.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19303.exe
        9⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7237.exe
        10⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11565.exe
        11⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44996.exe
        12⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11994.exe
        13⤵
        
        PID:5856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
        12⤵
        
        PID:8284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 236
        11⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 216
        10⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 236
        9⤵
        Program crash
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60890.exe
        8⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18312.exe
        9⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64165.exe
        10⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21535.exe
        11⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 216
        11⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
        10⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 216
        9⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
        8⤵
        Program crash
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4808.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62857.exe
        8⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10553.exe
        9⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        10⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29838.exe
        11⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19732.exe
        12⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7856 -s 216
        12⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
        11⤵
        
        PID:1360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
        10⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 216
        9⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 236
        8⤵
        Program crash
        
        PID:3500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 368 -s 240
        7⤵
        Program crash
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57278.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34440.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51892.exe
        8⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38052.exe
        9⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57953.exe
        10⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53968.exe
        11⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30523.exe
        12⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31792.exe
        13⤵
        
        PID:8332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 216
        13⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 216
        12⤵
        
        PID:7356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
        11⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
        10⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 236
        9⤵
        Program crash
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56012.exe
        8⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25084.exe
        9⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22723.exe
        10⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36501.exe
        11⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 236
        11⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 216
        10⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
        9⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
        8⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23858.exe
        7⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54881.exe
        8⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        9⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17679.exe
        10⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43901.exe
        11⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 216
        11⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
        10⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
        9⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 236
        8⤵
        
        PID:4112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 240
        7⤵
        Program crash
        
        PID:2028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
        6⤵
        Program crash
        
        PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58565.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23859.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64144.exe
        7⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42437.exe
        8⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30564.exe
        9⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48981.exe
        10⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23865.exe
        11⤵
        
        PID:7696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 216
        11⤵
        
        PID:8888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
        10⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 216
        9⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 236
        8⤵
        Program crash
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26655.exe
        7⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45748.exe
        8⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48706.exe
        9⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46558.exe
        10⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19587.exe
        11⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
        10⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
        9⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 236
        8⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 240
        7⤵
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29888.exe
        6⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56827.exe
        7⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17160.exe
        8⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52598.exe
        9⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7855.exe
        10⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34361.exe
        11⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
        10⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
        9⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 236
        8⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 236
        7⤵
        Program crash
        
        PID:3588
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
        6⤵
        Program crash
        
        PID:596
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 240
        5⤵
        Program crash
        
        PID:2680
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34916.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34916.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32271.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10672.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1217.exe
        6⤵
        Executes dropped EXE
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22467.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34980.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10122.exe
        8⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        9⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43657.exe
        10⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17459.exe
        11⤵
        
        PID:8720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 236
        11⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 236
        10⤵
        
        PID:7536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
        9⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 216
        8⤵
        
        PID:5116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 216
        7⤵
        Program crash
        
        PID:3760
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
        6⤵
        Program crash
        
        PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7994.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27751.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60060.exe
        7⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-501.exe
        8⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57673.exe
        9⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26854.exe
        10⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15697.exe
        11⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51145.exe
        11⤵
        
        PID:8144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 220
        11⤵
        
        PID:9152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
        10⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
        9⤵
        
        PID:5732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 216
        8⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 216
        7⤵
        Program crash
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
        6⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32681.exe
        7⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
        8⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11835.exe
        9⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46213.exe
        10⤵
        
        PID:8368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 236
        10⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 236
        9⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 236
        8⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 216
        7⤵
        
        PID:4340
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
        6⤵
        Program crash
        
        PID:3824
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 240
        5⤵
        Program crash
        
        PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13365.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27860.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29889.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33418.exe
        7⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54305.exe
        8⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60008.exe
        9⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
        10⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58628.exe
        11⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27892.exe
        12⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26831.exe
        13⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 216
        13⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 236
        12⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        11⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 236
        10⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51264.exe
        9⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        10⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31784.exe
        11⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17101.exe
        12⤵
        
        PID:1676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
        11⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
        10⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 240
        9⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 236
        8⤵
        Program crash
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20049.exe
        7⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54959.exe
        8⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18447.exe
        9⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29127.exe
        10⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 236
        10⤵
        
        PID:8632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
        9⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 216
        8⤵
        
        PID:5456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
        7⤵
        Program crash
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
        6⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26459.exe
        7⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23334.exe
        8⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55587.exe
        9⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53823.exe
        10⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
        10⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 216
        9⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
        8⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 236
        7⤵
        
        PID:4368
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
        6⤵
        Program crash
        
        PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32581.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 200
        6⤵
        Program crash
        
        PID:2344
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
        5⤵
        Program crash
        
        PID:936
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1588
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2988
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54678.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54678.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41762.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41762.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27777.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9385.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19583.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22728.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38737.exe
        9⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10610.exe
        10⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51358.exe
        11⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58374.exe
        12⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 216
        12⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
        11⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
        10⤵
        
        PID:5696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 236
        9⤵
        
        PID:3872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 236
        8⤵
        Program crash
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60231.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
        8⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
        9⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43055.exe
        10⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35222.exe
        11⤵
        
        PID:8296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 236
        11⤵
        
        PID:4156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
        10⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        9⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 236
        8⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 240
        7⤵
        Program crash
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59032.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14559.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
        8⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39670.exe
        9⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54051.exe
        10⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
        11⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38336.exe
        12⤵
        
        PID:1428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
        11⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 236
        10⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 236
        9⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 236
        8⤵
        Program crash
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46500.exe
        7⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42707.exe
        8⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37113.exe
        9⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22303.exe
        10⤵
        
        PID:932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6152 -s 216
        10⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 216
        9⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 216
        8⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
        7⤵
        Program crash
        
        PID:3992
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
        6⤵
        Program crash
        
        PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14024.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31835.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60060.exe
        7⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1596.exe
        8⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12556.exe
        9⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35686.exe
        10⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
        11⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31792.exe
        12⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 216
        12⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
        11⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 236
        10⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
        9⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 236
        8⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 216
        7⤵
        Program crash
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        6⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48851.exe
        7⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9240.exe
        8⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39443.exe
        9⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36361.exe
        10⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43660.exe
        11⤵
        
        PID:1552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 216
        11⤵
        
        PID:1356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 216
        10⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
        9⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
        8⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 236
        7⤵
        
        PID:4016
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
        6⤵
        Program crash
        
        PID:2468
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 240
        5⤵
        Program crash
        
        PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21232.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52364.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26381.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22188.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12997.exe
        8⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59541.exe
        9⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35966.exe
        10⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27430.exe
        11⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33027.exe
        12⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 236
        12⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 236
        11⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
        10⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 216
        9⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65249.exe
        8⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62717.exe
        9⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61664.exe
        10⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15203.exe
        11⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 236
        11⤵
        
        PID:9124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 216
        10⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
        9⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
        8⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49131.exe
        7⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
        8⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44373.exe
        9⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38395.exe
        10⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64412.exe
        11⤵
        
        PID:8964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 236
        11⤵
        
        PID:4612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 236
        10⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 236
        9⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 236
        8⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
        7⤵
        Program crash
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57553.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19796.exe
        7⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5872.exe
        8⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33806.exe
        9⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
        10⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47225.exe
        11⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6736 -s 216
        11⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 236
        10⤵
        
        PID:7376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
        9⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 236
        8⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2343.exe
        7⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60522.exe
        8⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12141.exe
        9⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55302.exe
        10⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19670.exe
        11⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 216
        10⤵
        
        PID:8276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 236
        9⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        8⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
        7⤵
        
        PID:3256
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
        6⤵
        Program crash
        
        PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31019.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41010.exe
        6⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30652.exe
        7⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37720.exe
        8⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36174.exe
        9⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23297.exe
        10⤵
        
        PID:8592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
        10⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 236
        9⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
        8⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 236
        7⤵
        
        PID:4580
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 432 -s 236
        6⤵
        Program crash
        
        PID:3376
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
        5⤵
        Program crash
        
        PID:888
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:3048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20573.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20573.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11331.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17445.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30704.exe
        7⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54881.exe
        8⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31550.exe
        9⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30232.exe
        10⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42090.exe
        11⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10494.exe
        12⤵
        
        PID:2272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 216
        12⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 216
        11⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 236
        10⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 236
        9⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 236
        8⤵
        Program crash
        
        PID:3260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 236
        7⤵
        Program crash
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31258.exe
        6⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10122.exe
        7⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54679.exe
        8⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15728.exe
        9⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48927.exe
        10⤵
        
        PID:8576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 216
        10⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
        9⤵
        
        PID:8104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 236
        8⤵
        
        PID:952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 216
        7⤵
        
        PID:5104
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 240
        6⤵
        Program crash
        
        PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60060.exe
        6⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7050.exe
        7⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10418.exe
        8⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        9⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39550.exe
        10⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 236
        10⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
        9⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 216
        8⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 236
        7⤵
        Program crash
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40469.exe
        6⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35224.exe
        7⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15925.exe
        8⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29703.exe
        9⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 216
        9⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 236
        8⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 216
        7⤵
        
        PID:5160
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
        6⤵
        Program crash
        
        PID:3680
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
        5⤵
        Program crash
        
        PID:1224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52919.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26812.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52167.exe
        7⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16174.exe
        8⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23901.exe
        9⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25427.exe
        10⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
        10⤵
        
        PID:8768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 216
        9⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 216
        8⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 236
        7⤵
        Program crash
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63028.exe
        6⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14611.exe
        7⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16501.exe
        8⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36117.exe
        9⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 216
        9⤵
        
        PID:8844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
        8⤵
        
        PID:6692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 216
        7⤵
        
        PID:5236
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
        6⤵
        Program crash
        
        PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27366.exe
        5⤵
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6038.exe
        6⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6630.exe
        7⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60133.exe
        8⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37246.exe
        9⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 216
        9⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
        8⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
        7⤵
        
        PID:6332
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 216
        6⤵
        
        PID:4124
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 240
        5⤵
        Program crash
        
        PID:3792
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
      4⤵
      Program crash
      PID:2708
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1204
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
  2⤵
  - Program crash
  PID:2528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17101.exe

Filesize
184KB

MD5
6940266ba5ccf194821689db26cb127d

SHA1
ca4aa488147c3a750e184aa55c706bc601bab9ea

SHA256
beca12f8c2743d1ae55e411a6721e33e8d7ce9f0b503e191673eb3a715dbecb5

SHA512
a46bbce0cdcf80b8b3e22b9f44459f580c4f3b26d212990742d262d70e5d915a1c9971d5b0e591a53ceb440139a9ed5f7b9ffa9b850a1d2a8e1ee87fe0479959

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20573.exe

Filesize
184KB

MD5
b038a074190456263a063b1913feb17d

SHA1
38f29e6117c567ba7b5c256cd689d703ba06589f

SHA256
93cd5ee55782f817eb7e6c05217d8ce1465254881bfb24af21c8144c0b4a3285

SHA512
d38dbc4af87c96330cc6770e0a6b168217503ee8373ed4718c5b146c6b28bf01fa7734709e3c433a0381408cd2eef494ca8e0ba921a194cae13d4801572cad46

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34916.exe

Filesize
184KB

MD5
aec70897b9b4486c9df4f05cef78703b

SHA1
5ae5b2c053d2cbc36903b4a13a96b00d50626014

SHA256
1ccf832903ea3b3e3ad5024e35ea5c9e66a58e9f862138eeb8b38d328840b609

SHA512
d8215fc6c5e61721d04549993d27395a647cda573a47dbd5b7ba7a024cfd0e65b231aa78c5b33d4f9512d65b7deee8b63bde0419fe4257518e728e3ada974f1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40469.exe

Filesize
184KB

MD5
1447b39df12c4f4485b12a9fc0edf746

SHA1
567464bc4b53437b2c56e7f1b3bbb26fff02afec

SHA256
c3284e3bd292130e0192b7c9b374e9f6d2f4bc6c55e2922bcea0813f3d59aa28

SHA512
1e7aaf0834971d187a76399444543d765ad1030cce4716ee87e011b357b3fb488f7b4e74c7bb68c6fe1e26333248bf03ab9cefec5fdbdd958907e9f8b7d5a7c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43055.exe

Filesize
184KB

MD5
3f06a0434b5a858e8ed86d2c11f45f08

SHA1
4690c96c5dce7ff6a6808c269f8fd7fc48a943b7

SHA256
b590b48dd7406a9707e79f210c19d7ae2c3d70fc6361f887f83134596c6fd0d1

SHA512
2b531512c22655957e4c2643b420fc83723650bac143b7e792564008c64c910c30e3bec8c023247534e4815b938ee6b6b4232f591f1d88325423794389906fe1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44373.exe

Filesize
184KB

MD5
f2a4ea8c401f652c77acb98725d9d327

SHA1
8030bdeb637baee5e4772f815760bed2fcc6f2eb

SHA256
23b9694d33a89c5d5b80684544df23b5e388882531e3ee605335791dca93207f

SHA512
a1517172b67cac78551dc6851cd723c0637f46b8a48b2039308a22723399db46df6e7af29fa508c63471454c121ed0121ec546429db84903e91cf95617495469

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49759.exe

Filesize
184KB

MD5
325dd521c65a8750ccfbd51552345c29

SHA1
90f616e5101b206dc81fa85c36fc6bc979c49e2d

SHA256
c464089b651d1866f307674ce2e920e564db4f6ce12bee9b95cfd9d7d51eb2b8

SHA512
9a05004b0ff542c2c42f9712c29e38e47986f5d6aed10af256abb0fb7b8b4d4248602c27f701b73b3e5d1278a6bd780e76496ee05860a81e1a4dc524bc0e96b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54781.exe

Filesize
184KB

MD5
4717be42487f4e406b4801c08893610d

SHA1
9a39962ef0d9e4f262281220f57892848537c850

SHA256
ea57693ea2c83cdb81e7f762516e0cf6a444198703b8e12019b99e3b9c84f43c

SHA512
abadf7524b1f217d867965dbc9a9533186ef28e19d6917cc5cede7e35a8676e784a7073b753152ef9f954c11b42c0f20ce345cbddb8dd59056fc1157b4456df1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6630.exe

Filesize
184KB

MD5
d4d974f0378e70d596f46b6386097b3d

SHA1
b70d3e58fa9a3612764c583626055baad328da0d

SHA256
cde7853a47a7c245e66acd4ac6113f851a8b7349588e456ef79c2fd182b1322c

SHA512
60382e75f10b568b3c30a8a0356f483eef356aefcf1884b65ae825560d29b0e79fc6ed69605444e358eb3cbe9674b8b93ac8e63b0f580d7aae5f6003034e5e55

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe

Filesize
184KB

MD5
6d2ed74c634b91b46d12030d48fd2a2c

SHA1
ead018825e7824c8f5663785587e61772e6bd820

SHA256
45c4f65020da8a9f0e79035b6802bcac114216b9c508e21f149e23e677a8c6c6

SHA512
3461c2775923f73e3c3127de3950337706611db2e773ccab6aab959f6111d915a41ae82094feb7b1c1ff6ca198a91ef973e2c7ac15371c76ff5cc866ea762f0c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-153.exe

Filesize
184KB

MD5
44b7a47f9fb6064369bdd52f9ffed5b0

SHA1
48f7d579627a092cef919168e371314c87e10599

SHA256
ae51efe54570a3772a450267643ef88200119cc49ed98fbcd79886342abfdc22

SHA512
0538dc11af616f63c6d96029053db7ef9bb5f89f54165b2ba11b32bb744a7b34f038bab1fdca7a620a6580214efc8c97f25a6b3b12003137a9a35e2b5a199d25

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19972.exe

Filesize
184KB

MD5
2150c0f60a20cc1663765f14c3a0072d

SHA1
812dedcb6456b58017c26a4e6c9fd273b0fad8fe

SHA256
50f1e8bb0c19ed0fbf35590629e4f4f0ce6b012a2b8db9a75aaff67a0adee159

SHA512
3097a984480b036d0a31a36ed7dc45d53a33dd780298101b75a46e4b04d16558573a9272ea762bc96c3b7a9b6748ab8dd760ce0e4515f80a3bbf5ca95838f5d9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32271.exe

Filesize
184KB

MD5
1f4b36e4fc65ef545c32138daeb2aae4

SHA1
91d10cc5ad70453607ef61cbff99478a4a2568ee

SHA256
07eb94ca0aba3eea84ee186647d7e0656ff545311a5d3f17276bc447aef1ff4a

SHA512
69a44670d1f5bd0916d9e6a95bd8b08f2c8311abc8a098d50cc7cb6169d6009d870af5ca25f1fc08ebfd05aeef62de506a5d49997f9c5af1fd4a8de953a69dfb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36992.exe

Filesize
184KB

MD5
8a4899f68b3194274768e68c60728be5

SHA1
e4d549f04271fc4f9d6e37d4fe72670420feb092

SHA256
3d5cf8e18c88a8ed8b8c48ad2b1b8f7dfae7f8c191160313c65eb5629fb3fac8

SHA512
3694b445814e9837edb4e3872e147a7ed56b5ad9c97a58285609262336e16f3c15b3d524247b5b69583c1b52c3bbf307179c5e5fbadffeaa221c8d453832b057

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40719.exe

Filesize
184KB

MD5
633a88156ab845fc16f6d919b1c15a6f

SHA1
333b66a4f67400aac7e4529283ba2be2ab298e82

SHA256
bb8d46dabc5196adbba45d337d4db99c9cc00148af3b138d0313ba415ff9f57d

SHA512
475706043505b7941d47607e87ffeff6fe60792f92d82688c57a506665aa0d753c449989713838f5652d17933698a4cf9e087450258e02eeb38cc22a6d2a9484

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41762.exe

Filesize
184KB

MD5
0fb6c0340bc4bdb3dd99c61c6ac7a599

SHA1
ea5461dceb857d2e208b2d6a499d3b2045f65f82

SHA256
261d5b084877796eb10c632c2c63d6d85e47d59c398e5a3170c1d7046fc7fb49

SHA512
c39798f45340c6b69c97404ce815e2280601891b0fafefa767942e9aaf929016935afefd731e033584fea4f7e7f4d2bf37c99f446c531c7df2ae0e3451c2cda9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe

Filesize
184KB

MD5
af6f2162f6dc3339aea6a3e60e07af1a

SHA1
7f849718693a53d7e85b04e4c0e87034380cd014

SHA256
3e40eff737c53b9d4082c7aa5e12962af2621b5704486342bb01689bb11587a3

SHA512
6082f8b34a57d13e645953622072f9d4f5664cd78501a81ca2dc59e87952e778cb076bf52f6cde7d81593048c59a39f0e2119f9902f0ac554566699fcd5e3e84

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54678.exe

Filesize
184KB

MD5
3641d7ca4d5c95e05453fefb74d13231

SHA1
7e80ccc9684d2159d445400d1dc034894c48f18f

SHA256
3a79b302f8d1cbbb22eca02aa5d916014e6d3ecb14ebd2b58a683edbb377abb8

SHA512
72dae82b5a99affb3237ea53998af483d5fc0c1b006f398f83db4686f6c3f3db8ce38d750650fe16a62c01c1e2fa941702bacc0316e3df58a4d3516b343fd43f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57927.exe

Filesize
184KB

MD5
6f7cf42baf10fe6fdc2c84314a1c31e8

SHA1
dafdb11beb073912501dee4727359a25398ef0a7

SHA256
11203073d8c666f4771bafd7bfc7b2e71b5b6de48be7d50684ce28766884a867

SHA512
5170babc9ae1fffb62f129505bef14c6fe8437f07149401e8e834a2686adbf67c94d0ddfdb7bcf3368b6b9413348b7df6fde8de5b47ed4f1286fe23412b1560e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62997.exe

Filesize
184KB

MD5
148264a37ab7d08b783db4af8978f755

SHA1
5d6d08004f302445f36ec31dcab599a300c063f8

SHA256
d167c895ef3b8e9c08addcfa09cafbfe6c5dc1d0a84d05b6ce141d1462108352

SHA512
d9411781c32dbdaffe918e3b1d6307c33d88af838f4445bc85db0f72e7847fb263558b91a9ca955188fa6cb8e519bd576d6e46802c00fce0c27697c9680c02eb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads