69aceb755541346cc7b65dd856a7adb0dd723d6ce775be122f5b4bc750e243a3

Analysis

max time kernel
151s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 13:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

53d70a7dae63684ec33bad43edf7a820_NeikiAnalytics.exe
Size

184KB
MD5

53d70a7dae63684ec33bad43edf7a820
SHA1

2e1ae3a0f98c051a91491eaf855716acc93fc59c
SHA256

69aceb755541346cc7b65dd856a7adb0dd723d6ce775be122f5b4bc750e243a3
SHA512

0f1e7485a08d4b1df7ae9d571cc959d1067513bc8d9ca1f25f2c066735bf41e1fd5cc7e4c4af9c43c2e2d25aba24dae385791359775fae45b23015802ae1e440
SSDEEP

3072:X3abDxob7yWTsG4WeEwDRQwshlnViFLnW:X3co3AG4PDCwshlnViFL

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2596	Unicorn-1225.exe
2548	Unicorn-21489.exe
2652	Unicorn-44920.exe
2432	Unicorn-57473.exe
2544	Unicorn-3633.exe
480	Unicorn-39871.exe
568	Unicorn-35787.exe
892	Unicorn-28173.exe
1008	Unicorn-61765.exe
1252	Unicorn-48444.exe
2708	Unicorn-50068.exe
2216	Unicorn-8480.exe
684	Unicorn-62320.exe
2996	Unicorn-23722.exe
2312	Unicorn-20192.exe
2772	Unicorn-8345.exe
3000	Unicorn-16514.exe
1332	Unicorn-8900.exe
2012	Unicorn-4816.exe
2152	Unicorn-45102.exe
1336	Unicorn-57738.exe
1832	Unicorn-15767.exe
884	Unicorn-15767.exe
2748	Unicorn-16321.exe
1420	Unicorn-15959.exe
2276	Unicorn-24681.exe
1744	Unicorn-16452.exe
2020	Unicorn-17006.exe
1564	Unicorn-49124.exe
2352	Unicorn-56607.exe
1768	Unicorn-16644.exe
2536	Unicorn-57162.exe
2684	Unicorn-41148.exe
2532	Unicorn-33534.exe
1728	Unicorn-65325.exe
1616	Unicorn-53628.exe
1828	Unicorn-3872.exe
1040	Unicorn-7956.exe
1540	Unicorn-4427.exe
348	Unicorn-52497.exe
2028	Unicorn-48968.exe
1656	Unicorn-15548.exe
2236	Unicorn-48605.exe
1936	Unicorn-36907.exe
2200	Unicorn-61412.exe
1560	Unicorn-7572.exe
1604	Unicorn-3488.exe
2036	Unicorn-13555.exe
2072	Unicorn-29337.exe
2992	Unicorn-37505.exe
3048	Unicorn-49757.exe
2108	Unicorn-46228.exe
1748	Unicorn-4640.exe
1872	Unicorn-8895.exe
1752	Unicorn-32845.exe
2408	Unicorn-48854.exe
580	Unicorn-36410.exe
1756	Unicorn-48470.exe
1860	Unicorn-48470.exe
816	Unicorn-52554.exe
932	Unicorn-62393.exe
1956	Unicorn-62393.exe
2220	Unicorn-10177.exe
1972	Unicorn-9814.exe

Loads dropped DLL 64 IoCs

pid	Process
2104	53d70a7dae63684ec33bad43edf7a820_NeikiAnalytics.exe
2104	53d70a7dae63684ec33bad43edf7a820_NeikiAnalytics.exe
2104	53d70a7dae63684ec33bad43edf7a820_NeikiAnalytics.exe
2104	53d70a7dae63684ec33bad43edf7a820_NeikiAnalytics.exe
2548	Unicorn-21489.exe
2548	Unicorn-21489.exe
2548	Unicorn-21489.exe
2652	Unicorn-44920.exe
2548	Unicorn-21489.exe
2652	Unicorn-44920.exe
2824	WerFault.exe
2824	WerFault.exe
2824	WerFault.exe
2824	WerFault.exe
2824	WerFault.exe
2544	Unicorn-3633.exe
2432	Unicorn-57473.exe
2432	Unicorn-57473.exe
2544	Unicorn-3633.exe
2652	Unicorn-44920.exe
2652	Unicorn-44920.exe
1736	WerFault.exe
1736	WerFault.exe
1736	WerFault.exe
1736	WerFault.exe
1736	WerFault.exe
568	Unicorn-35787.exe
892	Unicorn-28173.exe
2432	Unicorn-57473.exe
892	Unicorn-28173.exe
568	Unicorn-35787.exe
2432	Unicorn-57473.exe
2544	Unicorn-3633.exe
480	Unicorn-39871.exe
2544	Unicorn-3633.exe
480	Unicorn-39871.exe
2728	WerFault.exe
2728	WerFault.exe
1512	WerFault.exe
1512	WerFault.exe
2728	WerFault.exe
1512	WerFault.exe
2728	WerFault.exe
1512	WerFault.exe
2728	WerFault.exe
1512	WerFault.exe
1008	Unicorn-61765.exe
1008	Unicorn-61765.exe
568	Unicorn-35787.exe
568	Unicorn-35787.exe
1252	Unicorn-48444.exe
1252	Unicorn-48444.exe
2216	Unicorn-8480.exe
2216	Unicorn-8480.exe
480	Unicorn-39871.exe
480	Unicorn-39871.exe
892	Unicorn-28173.exe
892	Unicorn-28173.exe
684	Unicorn-62320.exe
684	Unicorn-62320.exe
2708	Unicorn-50068.exe
2708	Unicorn-50068.exe
1584	WerFault.exe
1584	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2768	2104	WerFault.exe	27
2824	2548	WerFault.exe	29
1736	2652	WerFault.exe	31
2728	2432	WerFault.exe	32
1512	2544	WerFault.exe	33
1584	568	WerFault.exe	36
1348	892	WerFault.exe	37
1144	480	WerFault.exe	35
2440	1008	WerFault.exe	39
2484	1252	WerFault.exe	40
2452	2216	WerFault.exe	43
3024	684	WerFault.exe	42
340	2708	WerFault.exe	41
2192	2312	WerFault.exe	47
1740	2996	WerFault.exe	46
3008	2772	WerFault.exe	48
2888	3000	WerFault.exe	49
1672	2012	WerFault.exe	51
2656	2152	WerFault.exe	52
2648	1332	WerFault.exe	50
2692	1336	WerFault.exe	53
680	1728	WerFault.exe	77
1788	2748	WerFault.exe	59
1924	884	WerFault.exe	58
1548	1744	WerFault.exe	63
1428	1832	WerFault.exe	57
3040	1616	WerFault.exe	79
944	1540	WerFault.exe	81
1136	2352	WerFault.exe	67
964	2020	WerFault.exe	64
1468	2028	WerFault.exe	83
1360	2684	WerFault.exe	70
748	1420	WerFault.exe	60
2240	1604	WerFault.exe	89
1720	1752	WerFault.exe	97
876	1936	WerFault.exe	86
1876	1656	WerFault.exe	84
3148	2036	WerFault.exe	90
3332	2408	WerFault.exe	106
3400	580	WerFault.exe	107
3460	2096	WerFault.exe	147
3572	816	WerFault.exe	111
3752	1040	WerFault.exe	80
3804	2200	WerFault.exe	87
3816	3048	WerFault.exe	93
3956	1756	WerFault.exe	109
3964	2532	WerFault.exe	71
4008	1564	WerFault.exe	65
4016	2236	WerFault.exe	85
4040	2992	WerFault.exe	91
4048	2072	WerFault.exe	92
4064	1748	WerFault.exe	95
4088	2108	WerFault.exe	94
4080	2536	WerFault.exe	69
3200	1872	WerFault.exe	96
3388	2276	WerFault.exe	62
3392	1768	WerFault.exe	68
3440	1860	WerFault.exe	110
3548	1956	WerFault.exe	112
3636	1828	WerFault.exe	78
3704	348	WerFault.exe	82
3236	1560	WerFault.exe	88
3824	2000	WerFault.exe	155
3508	2320	WerFault.exe	133

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2104	53d70a7dae63684ec33bad43edf7a820_NeikiAnalytics.exe
2548	Unicorn-21489.exe
2652	Unicorn-44920.exe
2432	Unicorn-57473.exe
2544	Unicorn-3633.exe
480	Unicorn-39871.exe
568	Unicorn-35787.exe
892	Unicorn-28173.exe
1008	Unicorn-61765.exe
1252	Unicorn-48444.exe
684	Unicorn-62320.exe
2216	Unicorn-8480.exe
2708	Unicorn-50068.exe
2996	Unicorn-23722.exe
2312	Unicorn-20192.exe
2772	Unicorn-8345.exe
3000	Unicorn-16514.exe
2012	Unicorn-4816.exe
1332	Unicorn-8900.exe
2152	Unicorn-45102.exe
1336	Unicorn-57738.exe
884	Unicorn-15767.exe
1832	Unicorn-15767.exe
2748	Unicorn-16321.exe
1420	Unicorn-15959.exe
2276	Unicorn-24681.exe
1744	Unicorn-16452.exe
2020	Unicorn-17006.exe
1564	Unicorn-49124.exe
2352	Unicorn-56607.exe
1768	Unicorn-16644.exe
2684	Unicorn-41148.exe
2536	Unicorn-57162.exe
2532	Unicorn-33534.exe
1728	Unicorn-65325.exe
1616	Unicorn-53628.exe
1040	Unicorn-7956.exe
1828	Unicorn-3872.exe
1540	Unicorn-4427.exe
348	Unicorn-52497.exe
2028	Unicorn-48968.exe
2236	Unicorn-48605.exe
1656	Unicorn-15548.exe
1604	Unicorn-3488.exe
2200	Unicorn-61412.exe
1936	Unicorn-36907.exe
1560	Unicorn-7572.exe
2992	Unicorn-37505.exe
3048	Unicorn-49757.exe
2036	Unicorn-13555.exe
2072	Unicorn-29337.exe
2108	Unicorn-46228.exe
1748	Unicorn-4640.exe
1872	Unicorn-8895.exe
1752	Unicorn-32845.exe
2408	Unicorn-48854.exe
580	Unicorn-36410.exe
1756	Unicorn-48470.exe
1860	Unicorn-48470.exe
816	Unicorn-52554.exe
932	Unicorn-62393.exe
1956	Unicorn-62393.exe
2220	Unicorn-10177.exe
1972	Unicorn-9814.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 2596	2104	53d70a7dae63684ec33bad43edf7a820_NeikiAnalytics.exe	28
PID 2104 wrote to memory of 2596	2104	53d70a7dae63684ec33bad43edf7a820_NeikiAnalytics.exe	28
PID 2104 wrote to memory of 2596	2104	53d70a7dae63684ec33bad43edf7a820_NeikiAnalytics.exe	28
PID 2104 wrote to memory of 2596	2104	53d70a7dae63684ec33bad43edf7a820_NeikiAnalytics.exe	28
PID 2104 wrote to memory of 2548	2104	53d70a7dae63684ec33bad43edf7a820_NeikiAnalytics.exe	29
PID 2104 wrote to memory of 2548	2104	53d70a7dae63684ec33bad43edf7a820_NeikiAnalytics.exe	29
PID 2104 wrote to memory of 2548	2104	53d70a7dae63684ec33bad43edf7a820_NeikiAnalytics.exe	29
PID 2104 wrote to memory of 2548	2104	53d70a7dae63684ec33bad43edf7a820_NeikiAnalytics.exe	29
PID 2548 wrote to memory of 2652	2548	Unicorn-21489.exe	31
PID 2548 wrote to memory of 2652	2548	Unicorn-21489.exe	31
PID 2548 wrote to memory of 2652	2548	Unicorn-21489.exe	31
PID 2548 wrote to memory of 2652	2548	Unicorn-21489.exe	31
PID 2104 wrote to memory of 2768	2104	53d70a7dae63684ec33bad43edf7a820_NeikiAnalytics.exe	30
PID 2104 wrote to memory of 2768	2104	53d70a7dae63684ec33bad43edf7a820_NeikiAnalytics.exe	30
PID 2104 wrote to memory of 2768	2104	53d70a7dae63684ec33bad43edf7a820_NeikiAnalytics.exe	30
PID 2104 wrote to memory of 2768	2104	53d70a7dae63684ec33bad43edf7a820_NeikiAnalytics.exe	30
PID 2548 wrote to memory of 2432	2548	Unicorn-21489.exe	32
PID 2548 wrote to memory of 2432	2548	Unicorn-21489.exe	32
PID 2548 wrote to memory of 2432	2548	Unicorn-21489.exe	32
PID 2548 wrote to memory of 2432	2548	Unicorn-21489.exe	32
PID 2652 wrote to memory of 2544	2652	Unicorn-44920.exe	33
PID 2652 wrote to memory of 2544	2652	Unicorn-44920.exe	33
PID 2652 wrote to memory of 2544	2652	Unicorn-44920.exe	33
PID 2652 wrote to memory of 2544	2652	Unicorn-44920.exe	33
PID 2548 wrote to memory of 2824	2548	Unicorn-21489.exe	34
PID 2548 wrote to memory of 2824	2548	Unicorn-21489.exe	34
PID 2548 wrote to memory of 2824	2548	Unicorn-21489.exe	34
PID 2548 wrote to memory of 2824	2548	Unicorn-21489.exe	34
PID 2432 wrote to memory of 568	2432	Unicorn-57473.exe	36
PID 2432 wrote to memory of 568	2432	Unicorn-57473.exe	36
PID 2432 wrote to memory of 568	2432	Unicorn-57473.exe	36
PID 2432 wrote to memory of 568	2432	Unicorn-57473.exe	36
PID 2544 wrote to memory of 480	2544	Unicorn-3633.exe	35
PID 2544 wrote to memory of 480	2544	Unicorn-3633.exe	35
PID 2544 wrote to memory of 480	2544	Unicorn-3633.exe	35
PID 2544 wrote to memory of 480	2544	Unicorn-3633.exe	35
PID 2652 wrote to memory of 892	2652	Unicorn-44920.exe	37
PID 2652 wrote to memory of 892	2652	Unicorn-44920.exe	37
PID 2652 wrote to memory of 892	2652	Unicorn-44920.exe	37
PID 2652 wrote to memory of 892	2652	Unicorn-44920.exe	37
PID 2652 wrote to memory of 1736	2652	Unicorn-44920.exe	38
PID 2652 wrote to memory of 1736	2652	Unicorn-44920.exe	38
PID 2652 wrote to memory of 1736	2652	Unicorn-44920.exe	38
PID 2652 wrote to memory of 1736	2652	Unicorn-44920.exe	38
PID 892 wrote to memory of 1252	892	Unicorn-28173.exe	40
PID 892 wrote to memory of 1252	892	Unicorn-28173.exe	40
PID 892 wrote to memory of 1252	892	Unicorn-28173.exe	40
PID 892 wrote to memory of 1252	892	Unicorn-28173.exe	40
PID 568 wrote to memory of 1008	568	Unicorn-35787.exe	39
PID 568 wrote to memory of 1008	568	Unicorn-35787.exe	39
PID 568 wrote to memory of 1008	568	Unicorn-35787.exe	39
PID 568 wrote to memory of 1008	568	Unicorn-35787.exe	39
PID 2432 wrote to memory of 2708	2432	Unicorn-57473.exe	41
PID 2432 wrote to memory of 2708	2432	Unicorn-57473.exe	41
PID 2432 wrote to memory of 2708	2432	Unicorn-57473.exe	41
PID 2432 wrote to memory of 2708	2432	Unicorn-57473.exe	41
PID 2544 wrote to memory of 684	2544	Unicorn-3633.exe	42
PID 2544 wrote to memory of 684	2544	Unicorn-3633.exe	42
PID 2544 wrote to memory of 684	2544	Unicorn-3633.exe	42
PID 2544 wrote to memory of 684	2544	Unicorn-3633.exe	42
PID 480 wrote to memory of 2216	480	Unicorn-39871.exe	43
PID 480 wrote to memory of 2216	480	Unicorn-39871.exe	43
PID 480 wrote to memory of 2216	480	Unicorn-39871.exe	43
PID 480 wrote to memory of 2216	480	Unicorn-39871.exe	43

C:\Users\Admin\AppData\Local\Temp\53d70a7dae63684ec33bad43edf7a820_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\53d70a7dae63684ec33bad43edf7a820_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1225.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1225.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21489.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21489.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3633.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39871.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8480.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16514.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16452.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48605.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30811.exe
        10⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53024.exe
        11⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3870.exe
        12⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
        13⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55739.exe
        14⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3407.exe
        15⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 216
        15⤵
        
        PID:8852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
        14⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 236
        13⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51016.exe
        12⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30659.exe
        13⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15660.exe
        14⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 236
        14⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 216
        13⤵
        
        PID:908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 220
        12⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 464 -s 216
        11⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 236
        10⤵
        Program crash
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15029.exe
        9⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40681.exe
        10⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27804.exe
        11⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23731.exe
        12⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65220.exe
        13⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
        13⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
        12⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 216
        11⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 236
        10⤵
        Program crash
        
        PID:3508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
        9⤵
        Program crash
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36907.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33743.exe
        9⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11249.exe
        10⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29797.exe
        11⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
        12⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59525.exe
        13⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 216
        13⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
        12⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
        11⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 216
        10⤵
        
        PID:4328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
        9⤵
        Program crash
        
        PID:876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
        8⤵
        Program crash
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17006.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3488.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62715.exe
        9⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29694.exe
        9⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        10⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
        11⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59968.exe
        12⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46479.exe
        13⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 216
        13⤵
        
        PID:8416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
        12⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
        11⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
        10⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
        9⤵
        Program crash
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5901.exe
        8⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6781.exe
        9⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17799.exe
        10⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55863.exe
        11⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17691.exe
        12⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 236
        12⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
        11⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
        10⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 236
        9⤵
        
        PID:3760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
        8⤵
        Program crash
        
        PID:964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
        7⤵
        Program crash
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8900.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16644.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29337.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10582.exe
        9⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28328.exe
        10⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27052.exe
        11⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13040.exe
        12⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45239.exe
        13⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 216
        13⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 216
        12⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 236
        11⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 216
        10⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 236
        9⤵
        Program crash
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60338.exe
        8⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27041.exe
        9⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
        10⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57721.exe
        11⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53682.exe
        12⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6168 -s 216
        12⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 216
        11⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
        10⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 216
        9⤵
        
        PID:4724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
        8⤵
        Program crash
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13555.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25767.exe
        8⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9002.exe
        9⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        10⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1120.exe
        11⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33835.exe
        12⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53200.exe
        13⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 216
        12⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
        11⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
        10⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 216
        9⤵
        
        PID:4368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 236
        8⤵
        Program crash
        
        PID:3148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 240
        7⤵
        Program crash
        
        PID:2648
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 480 -s 240
        6⤵
        Program crash
        
        PID:1144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62320.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45102.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56607.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37505.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38403.exe
        9⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27425.exe
        10⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22584.exe
        11⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4296.exe
        12⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34295.exe
        13⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7084 -s 216
        13⤵
        
        PID:9092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 236
        12⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 236
        11⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
        10⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 236
        9⤵
        Program crash
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30405.exe
        8⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55598.exe
        9⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30181.exe
        10⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23025.exe
        11⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34416.exe
        12⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12691.exe
        13⤵
        
        PID:8888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
        12⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
        11⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
        10⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 236
        9⤵
        
        PID:4124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
        8⤵
        Program crash
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46228.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5154.exe
        8⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39101.exe
        9⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43580.exe
        10⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15781.exe
        11⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20927.exe
        12⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 216
        12⤵
        
        PID:9056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 236
        11⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
        10⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 236
        9⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 236
        8⤵
        Program crash
        
        PID:4088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
        7⤵
        Program crash
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57162.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4640.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54355.exe
        8⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32926.exe
        9⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65344.exe
        10⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 220
        11⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 236
        10⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 216
        9⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 236
        8⤵
        Program crash
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50826.exe
        7⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8099.exe
        8⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37119.exe
        9⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1826.exe
        10⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52089.exe
        11⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 188
        12⤵
        
        PID:8632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 236
        11⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
        10⤵
        
        PID:7364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
        9⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 216
        8⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 220
        7⤵
        Program crash
        
        PID:4080
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 240
        6⤵
        Program crash
        
        PID:3024
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28173.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48444.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8345.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15959.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61044.exe
        10⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64181.exe
        11⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
        12⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-186.exe
        13⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36440.exe
        14⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
        14⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        13⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        12⤵
        
        PID:2188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 216
        11⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 236
        10⤵
        Program crash
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50499.exe
        9⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41670.exe
        10⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29273.exe
        11⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
        12⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19168.exe
        13⤵
        
        PID:8584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7184 -s 236
        13⤵
        
        PID:8836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 216
        12⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 236
        11⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 216
        10⤵
        
        PID:4616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 220
        9⤵
        Program crash
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48198.exe
        9⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
        10⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18744.exe
        11⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47273.exe
        12⤵
        
        PID:2056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 216
        12⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
        11⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
        10⤵
        
        PID:5592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
        9⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 240
        8⤵
        Program crash
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48968.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52554.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32456.exe
        9⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43538.exe
        10⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
        11⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8520.exe
        12⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37154.exe
        13⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 236
        13⤵
        
        PID:8648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 216
        12⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
        11⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 236
        10⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35348.exe
        9⤵
        
        PID:3532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 220
        9⤵
        Program crash
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33010.exe
        8⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
        9⤵
        Program crash
        
        PID:3460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 220
        8⤵
        Program crash
        
        PID:1468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
        7⤵
        Program crash
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24681.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15548.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51615.exe
        8⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40222.exe
        9⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9952.exe
        10⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22833.exe
        11⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55739.exe
        12⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11108.exe
        13⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 216
        13⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 236
        12⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 236
        11⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 236
        10⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 236
        9⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 236
        8⤵
        Program crash
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56254.exe
        7⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33372.exe
        8⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27052.exe
        9⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52921.exe
        10⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5514.exe
        11⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 236
        11⤵
        
        PID:9016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 216
        10⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
        9⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 236
        8⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 240
        7⤵
        Program crash
        
        PID:3388
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 240
        6⤵
        Program crash
        
        PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4816.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49124.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7572.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9814.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16888.exe
        9⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58169.exe
        10⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64944.exe
        11⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6875.exe
        12⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe
        13⤵
        
        PID:7244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
        13⤵
        
        PID:2760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
        12⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 236
        11⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 236
        10⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26544.exe
        9⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20944.exe
        10⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19320.exe
        11⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30361.exe
        12⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
        12⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
        11⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
        10⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
        9⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34354.exe
        8⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 220
        9⤵
        Program crash
        
        PID:3824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 240
        8⤵
        Program crash
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2201.exe
        7⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21634.exe
        8⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36180.exe
        9⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2589.exe
        10⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25442.exe
        11⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 216
        11⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
        10⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
        9⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 216
        8⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
        7⤵
        Program crash
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61412.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29659.exe
        7⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26107.exe
        8⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31499.exe
        9⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4431.exe
        10⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20844.exe
        11⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 236
        11⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 216
        10⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
        9⤵
        
        PID:5160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 216
        8⤵
        
        PID:4572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 236
        7⤵
        Program crash
        
        PID:3804
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
        6⤵
        Program crash
        
        PID:1672
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 240
        5⤵
        Program crash
        
        PID:1348
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57473.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57473.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35787.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61765.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23722.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15767.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7956.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
        9⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        10⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57539.exe
        11⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27649.exe
        12⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29479.exe
        13⤵
        
        PID:8828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 236
        13⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 236
        12⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 236
        11⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 216
        10⤵
        
        PID:4716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 236
        9⤵
        Program crash
        
        PID:3752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 236
        8⤵
        Program crash
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4427.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7266.exe
        9⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7357.exe
        10⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51369.exe
        11⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31188.exe
        12⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55970.exe
        13⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 216
        13⤵
        
        PID:8476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 216
        12⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
        11⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 216
        10⤵
        
        PID:4212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 236
        9⤵
        Program crash
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21142.exe
        8⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9461.exe
        9⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4607.exe
        10⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55884.exe
        11⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 188
        12⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 216
        11⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
        10⤵
        
        PID:5556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
        9⤵
        
        PID:3212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
        8⤵
        Program crash
        
        PID:944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
        7⤵
        Program crash
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16321.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3872.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36540.exe
        9⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16460.exe
        10⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42625.exe
        11⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38401.exe
        12⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
        13⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10257.exe
        14⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7236 -s 216
        14⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 216
        13⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 236
        12⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
        11⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 216
        10⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 236
        9⤵
        Program crash
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33010.exe
        8⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 220
        9⤵
        
        PID:3540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 220
        8⤵
        Program crash
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62393.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4443.exe
        8⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27041.exe
        9⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20918.exe
        10⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38967.exe
        11⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47922.exe
        12⤵
        
        PID:8532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 216
        12⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
        11⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
        10⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 216
        9⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 236
        8⤵
        Program crash
        
        PID:3548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
        7⤵
        Program crash
        
        PID:1788
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 240
        6⤵
        Program crash
        
        PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20192.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15767.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 220
        8⤵
        Program crash
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62393.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13545.exe
        8⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8499.exe
        9⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18744.exe
        10⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39354.exe
        11⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2738.exe
        12⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 236
        11⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
        10⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
        9⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 236
        8⤵
        
        PID:4024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 220
        7⤵
        Program crash
        
        PID:1428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53628.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48854.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31579.exe
        8⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22926.exe
        9⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
        10⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52329.exe
        11⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64403.exe
        12⤵
        
        PID:8440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 216
        12⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 216
        11⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
        10⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 236
        9⤵
        
        PID:3408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 236
        8⤵
        Program crash
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19881.exe
        7⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24921.exe
        8⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25028.exe
        9⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32859.exe
        10⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10290.exe
        11⤵
        
        PID:8008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
        11⤵
        
        PID:7288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
        10⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
        9⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 236
        8⤵
        
        PID:3100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 220
        7⤵
        Program crash
        
        PID:3040
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
        6⤵
        Program crash
        
        PID:2192
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50068.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57738.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41148.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49757.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6306.exe
        8⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38359.exe
        9⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8146.exe
        10⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49548.exe
        11⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32520.exe
        12⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7000 -s 236
        12⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
        11⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 236
        10⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 216
        9⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 216
        8⤵
        Program crash
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10945.exe
        7⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19610.exe
        8⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10699.exe
        9⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12630.exe
        10⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3959.exe
        11⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 216
        11⤵
        
        PID:7624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
        10⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
        9⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 236
        8⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
        7⤵
        Program crash
        
        PID:1360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8895.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9430.exe
        7⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23689.exe
        8⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24504.exe
        9⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
        10⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7216.exe
        11⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 216
        11⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
        10⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 236
        9⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 216
        8⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 236
        7⤵
        Program crash
        
        PID:3200
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 240
        6⤵
        Program crash
        
        PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33534.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32845.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6306.exe
        7⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10289.exe
        8⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61244.exe
        9⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22060.exe
        10⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65412.exe
        11⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 216
        11⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 236
        10⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
        9⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 236
        8⤵
        
        PID:4172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 236
        7⤵
        Program crash
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10945.exe
        6⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16267.exe
        7⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45448.exe
        8⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22252.exe
        9⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9255.exe
        10⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16044.exe
        11⤵
        
        PID:8664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 236
        11⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
        10⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 216
        9⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
        8⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 216
        7⤵
        
        PID:4472
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
        6⤵
        Program crash
        
        PID:3964
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
        5⤵
        Program crash
        
        PID:340
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2728
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2824
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
  2⤵
  - Program crash
  PID:2768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11108.exe

Filesize
184KB

MD5
1b037c1e358598bc4673a9e4c9701994

SHA1
d4731fa5e8783b0baebf01822066e6ba4b8e91b4

SHA256
3eeb3d6c664841114e16b693973edf3a235ea8744f416a0ff9597b2af49cd6ea

SHA512
485be7b485b469bd9ba66f4ace55e277d5dc72df143671957293118a49e829b034ff316b8c1009965c2063d4e1141f756665d56465d77b3296c0b55e90fb2f90

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30361.exe

Filesize
184KB

MD5
9990cf42ccb5b058b1811ca865ede55c

SHA1
a32404c6ea90dc6cef734d907b3e01d078993b6f

SHA256
826b0893ab14c99a336ebd9a20e7e1eb6b07e1f4e7d1bd3c1d654f3c2dec475e

SHA512
757162b03e23af91ca9da9e980b6338d516769898b45f9f0e905f01e0e91878635d6e570c05671f034721a10c8e74608d15fd767560e88853c070f1c6451d3e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35787.exe

Filesize
184KB

MD5
6f0f7b498d8a3d38658d10e509a88dfd

SHA1
fe8830a8aa31daab93be5f73fe65e1a3d967f911

SHA256
cfb53f14e09f439fde5cbd72740744f336d382adf29a7d48d3bc8ac0d3a00c58

SHA512
a95039c092000fab527b5c90ecf8fe743afc11d8f5d18d51522fb37263e98355fd56436c61fd6394e127cd99aa6ef98d144ae023e76a3b02e36b7c6df0775dc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39871.exe

Filesize
184KB

MD5
945affc9135a9a4ecb454ffbe0c77623

SHA1
c0aed3a852dd3597bd4cdf80b6b2b3461b1d313b

SHA256
3eb1ef45973fc4df04bf8773a347d3abea4bde697b68ca4857e203f51a802179

SHA512
d0618ce5cd6b9945d155e1ab96c1d94cb83894e6b38f61e9bb869a6ca9bd57c7c2b1a93772666add8971eb101923f60b41cf4f05e03fa3cf2a4b160212137f59

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8480.exe

Filesize
184KB

MD5
854df8ae4cd86adf42df97e2d474cd65

SHA1
d1ca2576c516a312cabcfafc530504ac11f26625

SHA256
86132c161e9294d235360802f55fa0fef13e3b04970daaa03edc7b61dc6b4470

SHA512
0467d23bb5cfb7c2a3b9b3369408ab12bb2e1e550df7bf17ced8e3a6c7e5dbc66fde517d0ffac0891e328d701d88ca11af1621b636f003865ce5a6f2caa22063

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1225.exe

Filesize
184KB

MD5
c5d1f20cb7d66c31c5bec1e54196d56f

SHA1
ddaf819a48007b8c39bde937030fb6a16cdd4bab

SHA256
82d26dc816a23656f182f5c3808257647a251c81cdb4bcdb8db518ce7882fded

SHA512
acc5df54b50f2ce5f664ab4254c87d4a3d74bc02720f082f8436ad39f28bbd908a55dd98bd70ee91167b0643cf48f3e9ad4ff3b80ae05170b8988ef3d8ab969b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21489.exe

Filesize
184KB

MD5
d656ecd665b5951301285a9fe7d56905

SHA1
56b0e40b17686c09435204b7808c65688da22b60

SHA256
b5096a3f53c032d6fee5dd4bd8393da7f9c5132fb86ad4726823501a9bb580aa

SHA512
16cb309dc8cb887fe9d8847fb1be6b11ad618894c10e4e2985afe70b394bdf60bcdfd20ab32548bc468b3e396134f6345704c62a60d1e171a828157ec02495bf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28173.exe

Filesize
184KB

MD5
7d8d73b17ff9c1e55ed5891b8b757a4e

SHA1
1c44cdf2e298349676a939b0ce02ad82c41a8e2e

SHA256
e383b03e33b7ba4360595d4f60aba6b2fa64df969d3e28eb3f4d1d7aac9d1523

SHA512
e074a46e60db49350a3368b6f2aa566ebcd37e3b374fa945e816ea7f011e47dfd365fc6217cf3dfa1d02c147b0d2ba7913dff28c8756489f0c997c19dc7be814

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3633.exe

Filesize
184KB

MD5
6111fc7ec874e4cddb239dd8348cf24b

SHA1
7c97b63ceaf42b1b30957e41a59717761a574bd0

SHA256
a3a8df90cd037938563ef03808842ea2ff35e715165d096165a2164df0e20c7d

SHA512
04711ad94545f30debe176bdc86206d010747f9a58f34501d96a938b1321b799eb84e34287f9cc625f43dc0bd98e7d2bc8f5ded64af218472dec81aa46854df6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe

Filesize
184KB

MD5
de0498d3b3cc37bad38403b697277fec

SHA1
71a5dae6e2229e62b52700e41b406461775422bf

SHA256
691809ae15e5288e3fbd15f81dcff872054ac3d8b68ce891d11a60569b061276

SHA512
06988a1504dc4ddfe3d3605982b1d35dac787660a5db5710459820c28a9411e80cd81f1b3bbfad9bfe31b286665bd77a6f294ff80e67e483e8e8638005c67d0d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48444.exe

Filesize
184KB

MD5
ea7bce230945d1298e6b2682b43966cc

SHA1
b0e115124ab7f502791c66ff3743442e85896473

SHA256
3f079040010fb7c6917add398375fe97e2f5653844155cf568d34515544d4f36

SHA512
51f37391247be2d08d8e824ecdaa7d9a1f27b694309a0500f48159f4fffd2c37e055f669e981bceaca327ec68e2913594f15d2cbc4f6d91ffc943a63ef5e9a85

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50068.exe

Filesize
184KB

MD5
54bf61541200761d82172f14e0350555

SHA1
55153cab255a3aa1a74d121452e4d49fe796cf79

SHA256
e55970346b830b9b50c71b762b73c10930e1223207fc355031dff5cf0902c469

SHA512
aaa02d423a22982abb5760b35d2b6a162f82499a69a7e33ef580a303b8794d62c6d418a4c5d13ba9358973aaeba7e9685b3692ad9e45ec76e579486818c76494

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57473.exe

Filesize
184KB

MD5
6c42e9f695294a8e7715452f25efafbb

SHA1
ff4000d29d63b42e63bf5cc1ed2d2f841d9a5738

SHA256
86c953aa018325b4964f1a801db28421b9e2d5768cac67593ba87cef0566b339

SHA512
847b5ac2ec851278e2f34d6e3395c60303d048a8092cce97c20e62858c6eec3d41eef0f271b6a5c5aa47c16a147a583834f8ad3f59f905f7e6cdafde053e2ea6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61765.exe

Filesize
184KB

MD5
c1d97e48f2ac0a4e476dab8d95805775

SHA1
9ea5c26fa1a3ba785850cb6e6099455704c47922

SHA256
ae43fc7f781172ee6f338c7a89dc84346ee98ccce5778e26c01cd807340ca6ce

SHA512
1e5659c202949b9b30157b106bdb440b5fcfe308aa7aba99a3585c0f82e7d2d5e436c3738a3f0b3d42ef0f6e24c43ba23b1e7a57c0651508aef1caec5abc10d6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62320.exe

Filesize
184KB

MD5
5406ac2e1ebee7dab543f6aa7db542e8

SHA1
ea13f85a8cc8361b711b8aa56fa6913abeeb18fb

SHA256
e55b707a8a671e2b5a3aa70c6907d411cee68145abf34e70bf70e6b754e296df

SHA512
e0f2769f032735ee8bb2f14e84b8da0d5635a56199b99a0cf38847fe9692f00b5aeb5284f9a6b4187a2a266d7a1020c498e926f412f58ea2296d1add8436a6fc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads