a1f92312233f3eaf4e46d34c5ccb98afb9a3dff32d30a24a104fc1502a71b827

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 03:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

62e5d9307ce3c89b5295e63cca5cdf80_NeikiAnalytics.exe
Size

184KB
MD5

62e5d9307ce3c89b5295e63cca5cdf80
SHA1

3512b3dda6af8a43826de77702e55323a1d8120b
SHA256

a1f92312233f3eaf4e46d34c5ccb98afb9a3dff32d30a24a104fc1502a71b827
SHA512

99b2b8a2625876fb4cafd11956327f48c7013f31e27d5fe7224aa9944aec0b908c3ee516d8ff7b8f9bef90c00d45273d751b8d2f271d39dc970a0dd8e7b076ee
SSDEEP

3072:8BZvPmoTuP1VddwtWtt8Zho4cvnqnviFFn3:8BMogzdwo83o4cPqnviFF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2824	Unicorn-53655.exe
2372	Unicorn-53728.exe
3068	Unicorn-14319.exe
2604	Unicorn-11377.exe
2584	Unicorn-23115.exe
2596	Unicorn-42597.exe
2200	Unicorn-55703.exe
884	Unicorn-2973.exe
2712	Unicorn-7187.exe
2764	Unicorn-40052.exe
2836	Unicorn-20186.exe
2008	Unicorn-23104.exe
2520	Unicorn-64992.exe
1628	Unicorn-35273.exe
2276	Unicorn-33004.exe
588	Unicorn-6357.exe
268	Unicorn-51152.exe
1384	Unicorn-38646.exe
2036	Unicorn-13809.exe
956	Unicorn-26616.exe
624	Unicorn-3249.exe
3020	Unicorn-32139.exe
2308	Unicorn-61666.exe
1340	Unicorn-15418.exe
2052	Unicorn-28417.exe
880	Unicorn-34443.exe
3040	Unicorn-18299.exe
2816	Unicorn-31105.exe
2772	Unicorn-50971.exe
2400	Unicorn-7302.exe
2164	Unicorn-36445.exe
2644	Unicorn-6918.exe
2748	Unicorn-59108.exe
2464	Unicorn-5693.exe
2784	Unicorn-8262.exe
2876	Unicorn-22330.exe
1916	Unicorn-8428.exe
1928	Unicorn-11443.exe
2512	Unicorn-24957.exe
2208	Unicorn-7338.exe
2328	Unicorn-63213.exe
2324	Unicorn-60369.exe
1524	Unicorn-13628.exe
524	Unicorn-63514.exe
2364	Unicorn-26435.exe
2356	Unicorn-46301.exe
2076	Unicorn-42771.exe
1892	Unicorn-36265.exe
2392	Unicorn-255.exe
1000	Unicorn-24838.exe
1768	Unicorn-4396.exe
1988	Unicorn-10037.exe
1620	Unicorn-55647.exe
2832	Unicorn-5678.exe
3028	Unicorn-2341.exe
2780	Unicorn-41653.exe
2548	Unicorn-28655.exe
2676	Unicorn-61820.exe
2544	Unicorn-28764.exe
1120	Unicorn-41570.exe
1484	Unicorn-61628.exe
2524	Unicorn-64124.exe
2692	Unicorn-57196.exe
2736	Unicorn-44197.exe

Loads dropped DLL 64 IoCs

pid	Process
2224	62e5d9307ce3c89b5295e63cca5cdf80_NeikiAnalytics.exe
2224	62e5d9307ce3c89b5295e63cca5cdf80_NeikiAnalytics.exe
2824	Unicorn-53655.exe
2224	62e5d9307ce3c89b5295e63cca5cdf80_NeikiAnalytics.exe
2824	Unicorn-53655.exe
2224	62e5d9307ce3c89b5295e63cca5cdf80_NeikiAnalytics.exe
2372	Unicorn-53728.exe
2372	Unicorn-53728.exe
2824	Unicorn-53655.exe
2824	Unicorn-53655.exe
3068	Unicorn-14319.exe
3068	Unicorn-14319.exe
2476	WerFault.exe
2476	WerFault.exe
2476	WerFault.exe
2476	WerFault.exe
2476	WerFault.exe
2604	Unicorn-11377.exe
2372	Unicorn-53728.exe
2604	Unicorn-11377.exe
2372	Unicorn-53728.exe
2584	Unicorn-23115.exe
2584	Unicorn-23115.exe
2596	Unicorn-42597.exe
3068	Unicorn-14319.exe
2596	Unicorn-42597.exe
3068	Unicorn-14319.exe
1652	WerFault.exe
1652	WerFault.exe
1652	WerFault.exe
1652	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
1652	WerFault.exe
2344	WerFault.exe
884	Unicorn-2973.exe
884	Unicorn-2973.exe
2584	Unicorn-23115.exe
2584	Unicorn-23115.exe
2200	Unicorn-55703.exe
2200	Unicorn-55703.exe
2604	Unicorn-11377.exe
2604	Unicorn-11377.exe
2764	Unicorn-40052.exe
2764	Unicorn-40052.exe
2596	Unicorn-42597.exe
2596	Unicorn-42597.exe
2836	Unicorn-20186.exe
2836	Unicorn-20186.exe
1036	WerFault.exe
1036	WerFault.exe
1036	WerFault.exe
1036	WerFault.exe
1036	WerFault.exe
2952	WerFault.exe
2952	WerFault.exe
2952	WerFault.exe
2952	WerFault.exe
2952	WerFault.exe
1720	WerFault.exe
1720	WerFault.exe
1720	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2672	2224	WerFault.exe	27
2476	2824	WerFault.exe	28
1652	2372	WerFault.exe	29
2344	3068	WerFault.exe	30
1036	2604	WerFault.exe	32
2952	2584	WerFault.exe	33
1720	2596	WerFault.exe	34
2768	884	WerFault.exe	37
2960	2200	WerFault.exe	36
2556	2764	WerFault.exe	39
2540	2836	WerFault.exe	40
940	2008	WerFault.exe	43
520	2520	WerFault.exe	44
668	1628	WerFault.exe	45
952	588	WerFault.exe	47
1736	268	WerFault.exe	48
2948	1384	WerFault.exe	49
2272	2276	WerFault.exe	46
1912	2036	WerFault.exe	55
568	956	WerFault.exe	56
1276	2308	WerFault.exe	59
2820	1340	WerFault.exe	60
2688	2772	WerFault.exe	64
2744	2400	WerFault.exe	67
2856	1916	WerFault.exe	77
840	2208	WerFault.exe	80
1672	3040	WerFault.exe	63
2212	3020	WerFault.exe	58
2188	2324	WerFault.exe	82
2180	2164	WerFault.exe	68
3048	2356	WerFault.exe	86
2492	1928	WerFault.exe	78
2396	2328	WerFault.exe	81
388	2076	WerFault.exe	87
2064	1524	WerFault.exe	83
2136	2876	WerFault.exe	76
796	2464	WerFault.exe	74
3088	2392	WerFault.exe	93
3348	624	WerFault.exe	57
3472	880	WerFault.exe	62
3720	524	WerFault.exe	84
3804	2364	WerFault.exe	85
3844	2784	WerFault.exe	75
3856	2644	WerFault.exe	70
3952	2816	WerFault.exe	65
3980	2052	WerFault.exe	61
4092	1000	WerFault.exe	97
3108	1776	WerFault.exe	116
3164	1100	WerFault.exe	133
3256	2676	WerFault.exe	105
3340	2748	WerFault.exe	73
3408	2736	WerFault.exe	111
3480	872	WerFault.exe	124
3500	2512	WerFault.exe	79
3544	632	WerFault.exe	136
3572	2932	WerFault.exe	135
3672	2780	WerFault.exe	103
3692	3028	WerFault.exe	102
3700	2524	WerFault.exe	109
3836	2544	WerFault.exe	106
4064	1620	WerFault.exe	100
4016	1988	WerFault.exe	99
3268	2536	WerFault.exe	127
3188	1892	WerFault.exe	91

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2224	62e5d9307ce3c89b5295e63cca5cdf80_NeikiAnalytics.exe
2824	Unicorn-53655.exe
2372	Unicorn-53728.exe
3068	Unicorn-14319.exe
2604	Unicorn-11377.exe
2584	Unicorn-23115.exe
2596	Unicorn-42597.exe
2200	Unicorn-55703.exe
884	Unicorn-2973.exe
2764	Unicorn-40052.exe
2836	Unicorn-20186.exe
2008	Unicorn-23104.exe
2520	Unicorn-64992.exe
1628	Unicorn-35273.exe
588	Unicorn-6357.exe
2276	Unicorn-33004.exe
268	Unicorn-51152.exe
1384	Unicorn-38646.exe
2036	Unicorn-13809.exe
956	Unicorn-26616.exe
624	Unicorn-3249.exe
3020	Unicorn-32139.exe
2308	Unicorn-61666.exe
1340	Unicorn-15418.exe
2052	Unicorn-28417.exe
880	Unicorn-34443.exe
3040	Unicorn-18299.exe
2816	Unicorn-31105.exe
2772	Unicorn-50971.exe
2400	Unicorn-7302.exe
2164	Unicorn-36445.exe
2644	Unicorn-6918.exe
2748	Unicorn-59108.exe
2464	Unicorn-5693.exe
2784	Unicorn-8262.exe
2876	Unicorn-22330.exe
1916	Unicorn-8428.exe
1928	Unicorn-11443.exe
2512	Unicorn-24957.exe
2208	Unicorn-7338.exe
2328	Unicorn-63213.exe
1524	Unicorn-13628.exe
524	Unicorn-63514.exe
2324	Unicorn-60369.exe
2364	Unicorn-26435.exe
2356	Unicorn-46301.exe
2076	Unicorn-42771.exe
1892	Unicorn-36265.exe
2392	Unicorn-255.exe
1000	Unicorn-24838.exe
1768	Unicorn-4396.exe
1988	Unicorn-10037.exe
1620	Unicorn-55647.exe
2832	Unicorn-5678.exe
3028	Unicorn-2341.exe
2780	Unicorn-41653.exe
2676	Unicorn-61820.exe
2548	Unicorn-28655.exe
2544	Unicorn-28764.exe
2524	Unicorn-64124.exe
1120	Unicorn-41570.exe
1484	Unicorn-61628.exe
2736	Unicorn-44197.exe
2032	Unicorn-63932.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 2824	2224	62e5d9307ce3c89b5295e63cca5cdf80_NeikiAnalytics.exe	28
PID 2224 wrote to memory of 2824	2224	62e5d9307ce3c89b5295e63cca5cdf80_NeikiAnalytics.exe	28
PID 2224 wrote to memory of 2824	2224	62e5d9307ce3c89b5295e63cca5cdf80_NeikiAnalytics.exe	28
PID 2224 wrote to memory of 2824	2224	62e5d9307ce3c89b5295e63cca5cdf80_NeikiAnalytics.exe	28
PID 2824 wrote to memory of 2372	2824	Unicorn-53655.exe	29
PID 2824 wrote to memory of 2372	2824	Unicorn-53655.exe	29
PID 2824 wrote to memory of 2372	2824	Unicorn-53655.exe	29
PID 2824 wrote to memory of 2372	2824	Unicorn-53655.exe	29
PID 2224 wrote to memory of 3068	2224	62e5d9307ce3c89b5295e63cca5cdf80_NeikiAnalytics.exe	30
PID 2224 wrote to memory of 3068	2224	62e5d9307ce3c89b5295e63cca5cdf80_NeikiAnalytics.exe	30
PID 2224 wrote to memory of 3068	2224	62e5d9307ce3c89b5295e63cca5cdf80_NeikiAnalytics.exe	30
PID 2224 wrote to memory of 3068	2224	62e5d9307ce3c89b5295e63cca5cdf80_NeikiAnalytics.exe	30
PID 2224 wrote to memory of 2672	2224	62e5d9307ce3c89b5295e63cca5cdf80_NeikiAnalytics.exe	31
PID 2224 wrote to memory of 2672	2224	62e5d9307ce3c89b5295e63cca5cdf80_NeikiAnalytics.exe	31
PID 2224 wrote to memory of 2672	2224	62e5d9307ce3c89b5295e63cca5cdf80_NeikiAnalytics.exe	31
PID 2224 wrote to memory of 2672	2224	62e5d9307ce3c89b5295e63cca5cdf80_NeikiAnalytics.exe	31
PID 2372 wrote to memory of 2604	2372	Unicorn-53728.exe	32
PID 2372 wrote to memory of 2604	2372	Unicorn-53728.exe	32
PID 2372 wrote to memory of 2604	2372	Unicorn-53728.exe	32
PID 2372 wrote to memory of 2604	2372	Unicorn-53728.exe	32
PID 2824 wrote to memory of 2584	2824	Unicorn-53655.exe	33
PID 2824 wrote to memory of 2584	2824	Unicorn-53655.exe	33
PID 2824 wrote to memory of 2584	2824	Unicorn-53655.exe	33
PID 2824 wrote to memory of 2584	2824	Unicorn-53655.exe	33
PID 3068 wrote to memory of 2596	3068	Unicorn-14319.exe	34
PID 3068 wrote to memory of 2596	3068	Unicorn-14319.exe	34
PID 3068 wrote to memory of 2596	3068	Unicorn-14319.exe	34
PID 3068 wrote to memory of 2596	3068	Unicorn-14319.exe	34
PID 2824 wrote to memory of 2476	2824	Unicorn-53655.exe	35
PID 2824 wrote to memory of 2476	2824	Unicorn-53655.exe	35
PID 2824 wrote to memory of 2476	2824	Unicorn-53655.exe	35
PID 2824 wrote to memory of 2476	2824	Unicorn-53655.exe	35
PID 2604 wrote to memory of 2200	2604	Unicorn-11377.exe	36
PID 2604 wrote to memory of 2200	2604	Unicorn-11377.exe	36
PID 2604 wrote to memory of 2200	2604	Unicorn-11377.exe	36
PID 2604 wrote to memory of 2200	2604	Unicorn-11377.exe	36
PID 2372 wrote to memory of 884	2372	Unicorn-53728.exe	37
PID 2372 wrote to memory of 884	2372	Unicorn-53728.exe	37
PID 2372 wrote to memory of 884	2372	Unicorn-53728.exe	37
PID 2372 wrote to memory of 884	2372	Unicorn-53728.exe	37
PID 2584 wrote to memory of 2712	2584	Unicorn-23115.exe	38
PID 2584 wrote to memory of 2712	2584	Unicorn-23115.exe	38
PID 2584 wrote to memory of 2712	2584	Unicorn-23115.exe	38
PID 2584 wrote to memory of 2712	2584	Unicorn-23115.exe	38
PID 2596 wrote to memory of 2764	2596	Unicorn-42597.exe	39
PID 2596 wrote to memory of 2764	2596	Unicorn-42597.exe	39
PID 2596 wrote to memory of 2764	2596	Unicorn-42597.exe	39
PID 2596 wrote to memory of 2764	2596	Unicorn-42597.exe	39
PID 3068 wrote to memory of 2836	3068	Unicorn-14319.exe	40
PID 3068 wrote to memory of 2836	3068	Unicorn-14319.exe	40
PID 3068 wrote to memory of 2836	3068	Unicorn-14319.exe	40
PID 3068 wrote to memory of 2836	3068	Unicorn-14319.exe	40
PID 2372 wrote to memory of 1652	2372	Unicorn-53728.exe	41
PID 2372 wrote to memory of 1652	2372	Unicorn-53728.exe	41
PID 2372 wrote to memory of 1652	2372	Unicorn-53728.exe	41
PID 2372 wrote to memory of 1652	2372	Unicorn-53728.exe	41
PID 3068 wrote to memory of 2344	3068	Unicorn-14319.exe	42
PID 3068 wrote to memory of 2344	3068	Unicorn-14319.exe	42
PID 3068 wrote to memory of 2344	3068	Unicorn-14319.exe	42
PID 3068 wrote to memory of 2344	3068	Unicorn-14319.exe	42
PID 884 wrote to memory of 2008	884	Unicorn-2973.exe	43
PID 884 wrote to memory of 2008	884	Unicorn-2973.exe	43
PID 884 wrote to memory of 2008	884	Unicorn-2973.exe	43
PID 884 wrote to memory of 2008	884	Unicorn-2973.exe	43

C:\Users\Admin\AppData\Local\Temp\62e5d9307ce3c89b5295e63cca5cdf80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\62e5d9307ce3c89b5295e63cca5cdf80_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53655.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53655.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53728.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53728.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11377.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55703.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35273.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32139.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8262.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14155.exe
        9⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15505.exe
        10⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63848.exe
        11⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63878.exe
        12⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24815.exe
        13⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        14⤵
        
        PID:660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 216
        14⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 236
        13⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
        12⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 236
        11⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 236
        10⤵
        
        PID:3184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 216
        9⤵
        Program crash
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40091.exe
        8⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40425.exe
        9⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54653.exe
        10⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51201.exe
        11⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31510.exe
        12⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6103.exe
        13⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 216
        12⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
        11⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
        10⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 236
        9⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
        8⤵
        Program crash
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22330.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46117.exe
        8⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36512.exe
        9⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13568.exe
        10⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49462.exe
        11⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60357.exe
        12⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25015.exe
        13⤵
        
        PID:8752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 216
        13⤵
        
        PID:2044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
        12⤵
        
        PID:8056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 236
        11⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 216
        10⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 216
        9⤵
        
        PID:3796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 236
        8⤵
        Program crash
        
        PID:2136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
        7⤵
        Program crash
        
        PID:668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61666.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24957.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5678.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27166.exe
        9⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26310.exe
        10⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45255.exe
        11⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31142.exe
        12⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52091.exe
        13⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19778.exe
        14⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 236
        13⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
        12⤵
        
        PID:2260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
        11⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 216
        10⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4773.exe
        9⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53610.exe
        10⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        11⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37478.exe
        12⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62050.exe
        13⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
        12⤵
        
        PID:8584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 216
        11⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
        10⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
        9⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24954.exe
        8⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        9⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46582.exe
        10⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15656.exe
        11⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6519.exe
        12⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 216
        12⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
        11⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
        10⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 216
        9⤵
        
        PID:4700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
        8⤵
        Program crash
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43917.exe
        8⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48462.exe
        9⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23261.exe
        10⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43654.exe
        11⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14881.exe
        12⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 236
        12⤵
        
        PID:9008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 236
        11⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
        10⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 216
        9⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
        8⤵
        Program crash
        
        PID:3672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
        7⤵
        Program crash
        
        PID:1276
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
        6⤵
        Program crash
        
        PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33004.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50971.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46301.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28764.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-793.exe
        9⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47969.exe
        10⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20444.exe
        11⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2423.exe
        12⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 216
        12⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
        11⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 236
        10⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
        9⤵
        Program crash
        
        PID:3836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 236
        8⤵
        Program crash
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41570.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        8⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1970.exe
        9⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14805.exe
        10⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65142.exe
        11⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57032.exe
        12⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 236
        11⤵
        
        PID:8468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 220
        10⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
        9⤵
        
        PID:5732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 236
        8⤵
        
        PID:3152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
        7⤵
        Program crash
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42771.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14155.exe
        7⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52656.exe
        8⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48451.exe
        9⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55850.exe
        10⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49563.exe
        11⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17625.exe
        12⤵
        
        PID:9124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 216
        12⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
        11⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 236
        10⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 236
        9⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 236
        8⤵
        Program crash
        
        PID:3108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 216
        7⤵
        Program crash
        
        PID:388
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 240
        6⤵
        Program crash
        
        PID:2272
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2973.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23104.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13809.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7302.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36265.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48530.exe
        9⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50762.exe
        10⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28483.exe
        11⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41274.exe
        12⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5189.exe
        13⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14131.exe
        14⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 216
        13⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
        12⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 216
        11⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 236
        10⤵
        Program crash
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11353.exe
        9⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18499.exe
        10⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25221.exe
        11⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11969.exe
        12⤵
        
        PID:8136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 236
        12⤵
        
        PID:8968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 236
        11⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 216
        10⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 220
        9⤵
        Program crash
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41409.exe
        8⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        9⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37741.exe
        10⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30531.exe
        11⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33424.exe
        12⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
        13⤵
        
        PID:9052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 216
        13⤵
        
        PID:8332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 236
        12⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 236
        11⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
        10⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
        9⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
        8⤵
        Program crash
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-255.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64674.exe
        8⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65017.exe
        9⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39194.exe
        10⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
        11⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14503.exe
        12⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38840.exe
        13⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 236
        13⤵
        
        PID:5336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
        12⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 236
        11⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 220
        10⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 236
        9⤵
        
        PID:3976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 236
        8⤵
        Program crash
        
        PID:3088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
        7⤵
        Program crash
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36445.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17872.exe
        8⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22826.exe
        9⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15253.exe
        10⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59314.exe
        11⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11558.exe
        12⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7856 -s 216
        12⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 216
        11⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
        10⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 236
        9⤵
        
        PID:5012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
        8⤵
        Program crash
        
        PID:3256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 236
        7⤵
        Program crash
        
        PID:2180
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
        6⤵
        Program crash
        
        PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26616.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6918.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1514.exe
        8⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        9⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53610.exe
        10⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14719.exe
        11⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 220
        12⤵
        
        PID:8276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 236
        11⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
        10⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 216
        9⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2303.exe
        8⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32307.exe
        9⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41050.exe
        10⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41634.exe
        11⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39687.exe
        12⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 216
        12⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
        11⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
        10⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 236
        9⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 240
        8⤵
        Program crash
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30849.exe
        7⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20680.exe
        8⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36386.exe
        9⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27039.exe
        10⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42594.exe
        11⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51683.exe
        12⤵
        
        PID:9140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7884 -s 216
        12⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 216
        11⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 236
        10⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 236
        9⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 216
        8⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
        7⤵
        Program crash
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4396.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17467.exe
        7⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65017.exe
        8⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15021.exe
        9⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29390.exe
        10⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        11⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45309.exe
        12⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
        11⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 236
        10⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
        9⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 216
        8⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52080.exe
        7⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6329.exe
        8⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
        9⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42997.exe
        10⤵
        
        PID:7772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 236
        10⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 236
        9⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 220
        8⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
        7⤵
        
        PID:3824
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 240
        6⤵
        Program crash
        
        PID:568
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 240
        5⤵
        Program crash
        
        PID:2768
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23115.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23115.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7187.exe
      4⤵
      Executes dropped EXE
      PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64992.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3249.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59108.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64124.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10092.exe
        8⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13303.exe
        9⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
        10⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51016.exe
        11⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62020.exe
        12⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 220
        12⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 216
        11⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
        10⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 236
        9⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 236
        8⤵
        Program crash
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28867.exe
        7⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39821.exe
        8⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41626.exe
        9⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32184.exe
        10⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35689.exe
        11⤵
        
        PID:9180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 216
        11⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
        10⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 236
        9⤵
        
        PID:5852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 236
        8⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
        7⤵
        Program crash
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57196.exe
        6⤵
        Executes dropped EXE
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39439.exe
        7⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56106.exe
        8⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44847.exe
        9⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38375.exe
        10⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26006.exe
        11⤵
        
        PID:8260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8064 -s 216
        11⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 216
        10⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
        9⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 220
        8⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 216
        7⤵
        
        PID:4408
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 240
        6⤵
        Program crash
        
        PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5693.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29973.exe
        6⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52272.exe
        7⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51363.exe
        8⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56079.exe
        9⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37478.exe
        10⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63010.exe
        11⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 216
        10⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 216
        9⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
        8⤵
        
        PID:5568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
        7⤵
        
        PID:3380
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
        6⤵
        Program crash
        
        PID:796
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
        5⤵
        Program crash
        
        PID:520
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2952
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2476
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40052.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6357.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15418.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10037.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4119.exe
        9⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48899.exe
        10⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34611.exe
        11⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41050.exe
        12⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48328.exe
        13⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
        14⤵
        
        PID:8844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 216
        14⤵
        
        PID:9148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
        13⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
        12⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 236
        11⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 236
        10⤵
        Program crash
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64529.exe
        9⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17601.exe
        10⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5426.exe
        10⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        11⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        12⤵
        
        PID:8160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6308 -s 216
        12⤵
        
        PID:8784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
        11⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 220
        10⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 240
        9⤵
        Program crash
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14.exe
        8⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50160.exe
        9⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4601.exe
        10⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63669.exe
        11⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63059.exe
        12⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 236
        12⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 216
        11⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 216
        10⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 236
        9⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 220
        8⤵
        Program crash
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2341.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10284.exe
        8⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45270.exe
        9⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58004.exe
        10⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27452.exe
        11⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60768.exe
        12⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 236
        11⤵
        
        PID:8384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
        10⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 236
        9⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 216
        8⤵
        Program crash
        
        PID:3692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 240
        7⤵
        Program crash
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7338.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55647.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19553.exe
        8⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48899.exe
        9⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56863.exe
        10⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31097.exe
        11⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19657.exe
        12⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47298.exe
        13⤵
        
        PID:8532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 216
        13⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 216
        12⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 236
        11⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 236
        10⤵
        
        PID:4720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 236
        9⤵
        Program crash
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64913.exe
        8⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60963.exe
        9⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
        10⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2423.exe
        11⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
        11⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
        10⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 216
        9⤵
        
        PID:5556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
        8⤵
        Program crash
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65224.exe
        7⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1426.exe
        8⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6894.exe
        9⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63878.exe
        10⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54436.exe
        11⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11740.exe
        12⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 216
        12⤵
        
        PID:6100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
        11⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 236
        10⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 236
        9⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 236
        8⤵
        Program crash
        
        PID:3572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
        7⤵
        Program crash
        
        PID:840
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 240
        6⤵
        Program crash
        
        PID:952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28417.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11443.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44197.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1042.exe
        8⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1419.exe
        9⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45046.exe
        10⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11156.exe
        11⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53297.exe
        12⤵
        
        PID:9044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 216
        12⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 216
        11⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 236
        10⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 216
        9⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 236
        8⤵
        Program crash
        
        PID:3408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 236
        7⤵
        Program crash
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41051.exe
        6⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44468.exe
        7⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17729.exe
        8⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
        9⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25050.exe
        10⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 216
        10⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
        9⤵
        
        PID:8012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
        8⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 216
        7⤵
        
        PID:5068
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 220
        6⤵
        Program crash
        
        PID:3980
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
        5⤵
        Program crash
        
        PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51152.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34443.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63514.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30466.exe
        7⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9563.exe
        8⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39484.exe
        9⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14101.exe
        10⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24452.exe
        11⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2482.exe
        12⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 236
        12⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 236
        11⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
        10⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 236
        9⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 236
        8⤵
        Program crash
        
        PID:3480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 524 -s 236
        7⤵
        Program crash
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26936.exe
        6⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22719.exe
        7⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17731.exe
        8⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47094.exe
        9⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50856.exe
        10⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63588.exe
        11⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 236
        10⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 236
        9⤵
        
        PID:920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
        8⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
        7⤵
        
        PID:4452
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 240
        6⤵
        Program crash
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26435.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61628.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45765.exe
        7⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65307.exe
        8⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
        8⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 216
        7⤵
        
        PID:4648
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 236
        6⤵
        Program crash
        
        PID:3804
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 240
        5⤵
        Program crash
        
        PID:1736
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20186.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20186.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38646.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18299.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63213.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63932.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 236
        7⤵
        Program crash
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40283.exe
        6⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41686.exe
        7⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54855.exe
        8⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1040.exe
        9⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
        10⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35657.exe
        11⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 216
        10⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 216
        9⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
        8⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 236
        7⤵
        
        PID:4236
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
        6⤵
        Program crash
        
        PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60369.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28655.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47555.exe
        7⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28099.exe
        8⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1808.exe
        9⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10155.exe
        10⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33577.exe
        11⤵
        
        PID:9152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 216
        11⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 236
        10⤵
        
        PID:8400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 216
        9⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 216
        8⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 236
        7⤵
        
        PID:3356
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 236
        6⤵
        Program crash
        
        PID:2188
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 240
        5⤵
        Program crash
        
        PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31105.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13628.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27669.exe
        6⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41686.exe
        7⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        8⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
        9⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26575.exe
        10⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10747.exe
        11⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 216
        10⤵
        
        PID:8476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
        9⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
        8⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 216
        7⤵
        
        PID:4228
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 236
        6⤵
        Program crash
        
        PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23755.exe
        5⤵
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40446.exe
        6⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22804.exe
        7⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17801.exe
        8⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6630.exe
        9⤵
        
        PID:8824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
        9⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 236
        8⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 236
        7⤵
        
        PID:1192
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 236
        6⤵
        
        PID:4800
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
        5⤵
        Program crash
        
        PID:3952
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
      4⤵
      Program crash
      PID:2540
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2344
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
  2⤵
  - Program crash
  PID:2672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1419.exe

Filesize
184KB

MD5
368e6e8b2fd97287049fd96868e6849f

SHA1
ac4a2c7092b9b6a3d6ebc1ac7e85d994d09b6a87

SHA256
b62594597f126dd26a4d425ff4d81d9b2362bb0f474676409ff94f434f9641a1

SHA512
c4e6f776a29f5b01d1f9a0268b8a1bc50cd8752e734b66c778bc8ad005179ede64878f694c560735275ce8361604e280071cab6e0c727f11b3acaf838fb0e02f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20186.exe

Filesize
184KB

MD5
bb580814fe39bd5dc4181d644fd6efd3

SHA1
32d596b3b504f9d534015be43e10413e5a5153d8

SHA256
1b22d4679959f263122c772db8c1e2c95e047ff7edabddef296c2cf08f21a1d4

SHA512
9ffcc3f9a8ceba1dc941ff12cccbb902dce571817d8675e1d1ef601876ceaf202eefba4740e582129ec836d3455ec5def22d75a3bd9904f62957bf4b967c9873

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22804.exe

Filesize
184KB

MD5
72abe5891e84f122648d5c8d06a9997e

SHA1
66334a58dd16cb17926263852b19e61cb8a2e6c0

SHA256
ec0469665c90a26a604192a721207480c0b9a051f42c6016d7069c4ad21966c0

SHA512
19c7e88d7e9053496dcdd1b89fccf29b35779f502ea976cf6b599cbf510f3b80b5f05af492888c8f2e7de18a4d208f52d0fe108bbbbc7b315312545e69a9efc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23104.exe

Filesize
184KB

MD5
7b41b9fa4951142652e582d914196308

SHA1
595071aa281ed8863f305da2d40fe49a6933e7e6

SHA256
dffa9dfc19fd2416ea74921be9b3f7525013467d1eeaba48aaf36bb380618aba

SHA512
f7e4d3c95d254d3c6236ac70fa5bf5f7a3562994c7ca50c5fd17c2018af75628598580c2582948763bc1c567e0480852cbf945636716b204c61ddbb2797efbfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2973.exe

Filesize
184KB

MD5
59bd8712c4b59daa82cbe40eda016ab0

SHA1
1d6e8256c66cc98e10c943ed46511ec2b2aa983b

SHA256
c9385dab4930e1103f524d307eb4c553510df91434b96fb600f2a0ce64ad9390

SHA512
5427281b95796e2ea9f0a62a9a5042a3b7e5749c851cb85a12cc072d61c947c23a6f09b4a388bebac8b511014c7d46fa9a2d15b2481c2a18687ae4904ff66e60

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37741.exe

Filesize
184KB

MD5
7d4c37f821fdd55245e02991359e277c

SHA1
7386ed705aadcafc48975bc99b46d3ae040523ba

SHA256
4fd7c5e763d4fc3190e7869e70a06ac724fb1e7f9968200517ff005f2f62cffe

SHA512
91455228dfccc484d6deb4e95698ebdc251384533f365f7669f6de27cee5be2e2f2b05b480d0c513c0829d04da79d3882a91330a3500876d4bddbfb2c267234e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39194.exe

Filesize
184KB

MD5
36511aca9d6cb07207cdafde2a23f855

SHA1
22c4e12dd962d05fc16dad858743467c6e1ff9a5

SHA256
17a36a69a85de74e4af15cec8de6e46c13c144a5b403467cd36e5bac23f9bf0a

SHA512
41c27004958c76a8207dcaeaa0110e708fc74bed73c4a33a53fadb8dbee08f9db1c2bee263a7d833c1fc147835b578bc33809abbf6c179ad08812cdfd6cbc757

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39439.exe

Filesize
184KB

MD5
41ac924ff573bce5be9c708e3e754529

SHA1
d62f1f110933e251600c0bd706140d5d71e820cf

SHA256
8c0fae65cd55043e0d2b9d09ca5d8aaffd3bda9ec217c2b255c47f9ecdb6c887

SHA512
6ff0a7e36e10760b3b9153ea5b7e06146b761607a6b4aef2ad5243226597d70a121c05e171a294f91f7dedbec0bf9aed24e8deb0138261393154f8424e965396

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39687.exe

Filesize
184KB

MD5
2bd70f5ed2295ed96d583b2de8399256

SHA1
7da89fd88230524353f889f7db83395c78447d03

SHA256
d44fb71157501189fe2210571cf70d9e733d1ff0f204f66942de80e5a42f096a

SHA512
992cbdf0194193341ba03873cee09e69ea636ed83d0d7a1dd2c8558cc6f41c633aa4ceb30c9732954b6f225f44370460e6a9ec72fd865d875fa8a312805a0234

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40052.exe

Filesize
184KB

MD5
16b46ca71b0588b68cc5a226bfe03931

SHA1
9b0c45ca5046edf9ee271e73a9d32c276cb289db

SHA256
8a5652c4eb356508568fae0041c974e0aab0576a934b12ff8aee84bf88aad47e

SHA512
8c8562369487beb1cfc0fc88d4f6cd586879781646677a25414d151cd75b2fea40b972722a305baa41cc735471f24c99af08f2ac4a21b1cb2c29cda397ffb818

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41051.exe

Filesize
184KB

MD5
adf55ae046f3714ce1bcd962358b0911

SHA1
54da9cabeedb4671e5ac7fd1356c7e4c9b4a3f9e

SHA256
e0e38ff22230b973b7118aaea2f52ce4ecf2e66be33669662209bcc1f2326206

SHA512
50f0fb2eceeaeec1ccf9fb73f08d421b17ee215a3cfa4e395196d1592e3aa763e5c7048a0c67147461214c2b792c2c1aa6d8cef166a508a3e2ab10ee2584b9b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5678.exe

Filesize
184KB

MD5
14b2952170811506405f27edcd519f9a

SHA1
3ad935771ccda0f1520cc1c6919ada67ec5e846a

SHA256
c36ffa09816c6ba5254028db42523dbdaa2516052462977a3c95a6ea08ac3b3a

SHA512
58d3baecf847cf24604451bf41ab7394425b65d11c9fa70be226d978bebfac63e3fffda8b802abc7f24b97d3cf85d7fadb8deac749208bc339e23deadb49a8f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6357.exe

Filesize
184KB

MD5
79ea76a080402697cc91fbd0fa6e6a5f

SHA1
31b0b3432bc73e2d1910e31bfa757fd75159c8e1

SHA256
11ee9525b077719e20688c8850322e8638f828e693879a8aec1d2f5c154d766d

SHA512
99ad695e3f7d1986bb23fa0c98d532a045ef47f2daf4d3726b6a00528bc44741afa99c91b71c45ae456da820b3b73d14200f65197a21dc21e01dc7bba7886f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6519.exe

Filesize
184KB

MD5
8d6af1235252541a152ba4b9b32968f4

SHA1
cccfbca3b4660535fda95b521d65f6280200f5f8

SHA256
70601dbc050e2283587010d12b02f92cc858808fcc9e9060b4605a2acbce8a6a

SHA512
8f611cc9495373768d648d266ac291be9e2d746a2657225cd5402d10960949a16a8d5575dd756ea27e01f6e52b91bb13e313325aab69ab016210a323487c4048

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11377.exe

Filesize
184KB

MD5
a6f62423b92152b0ad645e17f8aa2c8a

SHA1
a0785b78203577ad7001cf3fe3d270e9ffad3c5d

SHA256
1366f3e2b4e424e76f321730c9c38776d7e20d17a2ee9815404bc4dfedef6fa2

SHA512
92143ca9b531242126108f13d45755a5f5bddd3aeec07baad481b0444aaa648cc6a3151f85f5273fcdfb177e588489ed982b82a6d08c1fab3032ee9afe6034ff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe

Filesize
184KB

MD5
396b24a083aa45564cc0d0466ff82ce9

SHA1
3dab2d7f5a7480839d1dbc5e12d463447cfa464f

SHA256
b017b35610cb2d3add17d9b4938aada4a748f2edfb18c0a17b1d22e27bd1f31b

SHA512
65a2f9660a04a717ecde1caf9200cd3e1565213beaf3d7b53c8cef9e5c319e88ca4205e27747b062bbb52682c9bafd65748eca30fe7559eea4aca2284c0d6f3f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23115.exe

Filesize
184KB

MD5
8833cfe686c56c37ce3983e3c92440e6

SHA1
e2d7c8205be52a443a409bd6b8064162c30c17e7

SHA256
0ea6ccc897e143ae273227946be31a9050c70b4b487154402da13b5024f3e1ec

SHA512
651ab723743938d49b7b9630505d513e7b7b08d4b19dc7058d846419b52f5eca39a1a8383f05180e07160ae9ca660a88f6f89dc25cb2067484df182e81911bcd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35273.exe

Filesize
184KB

MD5
4ccfc0028f5b8a4067b3b378dc6afe8e

SHA1
f9a06f090bd9eaad1be7b66505854de94f776502

SHA256
fa0e1fe18b312eedee61d50b5f7bd1fc03bcb2e54549629009995cc66dcc7e54

SHA512
e3f170df8e53a52b3ef3709267154479047c6b92a6765be3237481818040637c427ebd7077324e636c6d7c511df15372f25c09cbadef7e140e3be7e154097aa2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe

Filesize
184KB

MD5
153c3097602cbf15eb65fd4564eedaed

SHA1
8d19427f9e5a5f43d8136f39e39d30c7df8452c9

SHA256
4f9fa6b81d618efec8598b54087de857ce8a0da9f2a596028809a0da8d6263d2

SHA512
dcff1716fe5823d09081b4ddf2b304d84eba9a4ea9cd49594459a05310c746185e833e72c78a8c9cd5beb846de23452c020e65c9b53a71c53f2d7545e2c31fbf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53655.exe

Filesize
184KB

MD5
013a17409a1c2820139ec978840f07cd

SHA1
1dbfe79df82cbd17ded3f2bc2d0d618c99272404

SHA256
e9e912c3b316c0320ecd73af27775c923dd5b201c78d46e283a807fee86ed0ba

SHA512
3f6dfc4090fbf859adf1f6bcb9f8068cdf0d4dfb4d7c0d86f1426981ab371d3477b757c3f6eef12cd98d810f11aba42e9b11f74ad23776cdfe66c5d360211e3f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53728.exe

Filesize
184KB

MD5
a26366f872a293389654332b64b3c3da

SHA1
2e40c882e932e004f2667b7b50b70cd7ac692a48

SHA256
e2d8724a6a22973500c2860c2b26cf4898d10cec971237bb338b59b5502ad371

SHA512
a71a367d7ed72e11ae8017f944435493d6334d5fca3567517cdb984c1aadd20521a1157dcb6495fb59a9a4a73d6d5c135c7eca11352c893ffb3d5e04dc99c39d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55703.exe

Filesize
184KB

MD5
04338c6ae044b51fda547006bfac7e8c

SHA1
94ce5f5ff86ada5a3104df3cb1b031a1b24b99f2

SHA256
eb030fc9cc0e68d74c8220a37b612f0cb236d3a58a7cd0bebd139e305c7f1542

SHA512
7514b0a5f1cbc6275e4b1d06133c9bcd750724150cae1d096008dcd1ed58895f776d190613e63c3123f60efe73c8c27542061544a8516d3f19a25621f218d379

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64992.exe

Filesize
184KB

MD5
edf9f9f592bab0df72eb90ff25cfef43

SHA1
4c6008f1d328fcba1c8994f89281ce20ebcb290c

SHA256
fe4f7bf75c1f48829a444999e28380403c1d89f17931f7f9bbe2b62a8c1b90ce

SHA512
e3a6ea1e4afab25d305503cd1919c205876dadfc793e19e1686ec5701a7be19850e0fbb533c508196793fba876811f75740b1ac9403f37de727fde037a624d09

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7187.exe

Filesize
184KB

MD5
f61ecb04ba6710eab414c18bf3bdb26f

SHA1
888c62bfd358cbc1f74069954b988a6078ef75c0

SHA256
de897bfa4281bf0b3de5627c07b8ef713ac396057ec84d32b5c57de7307d19eb

SHA512
aab1bb24d7d7dc6f7285a7c2acfb0bdda5c9a7416bcb4f55ced54b09cf16e0bf06bb99ede9c2425cab34a8cd62780bd7a84b8e95953db72d38a9709fd734563d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads