0b26e3a3cc2e6edf3d84e913d43319a211e21c4fd6d6cab7a439ad0fe40fbe44

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31-05-2024 04:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

773e28f4291273369a57d9320ba7cd70_NeikiAnalytics.exe
Size

184KB
MD5

773e28f4291273369a57d9320ba7cd70
SHA1

0c4375ec44e093b683fa67616d288d766486278f
SHA256

0b26e3a3cc2e6edf3d84e913d43319a211e21c4fd6d6cab7a439ad0fe40fbe44
SHA512

89af7c946b5f30ac6f7d418b58ac048d7f83747bc7baa60567da0d8078eb6245227c1267918b8884d64ea768e12355b1885fd772b3ccdd1c6f40fcfe6b453bdc
SSDEEP

3072:uv7gj+oSdfaQdqGTee7dpNNPI44cIzCX3Hs/o5B2pEGhlnVOFx:uvtoHMqG1dbNPI0XFihlnVOF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2740	Unicorn-7710.exe
2556	Unicorn-9900.exe
2680	Unicorn-62116.exe
2728	Unicorn-20280.exe
2884	Unicorn-62936.exe
2424	Unicorn-52760.exe
784	Unicorn-12869.exe
1020	Unicorn-57773.exe
2868	Unicorn-58863.exe
2872	Unicorn-29014.exe
2008	Unicorn-42012.exe
2644	Unicorn-56567.exe
2672	Unicorn-37770.exe
308	Unicorn-58980.exe
2276	Unicorn-6634.exe
2784	Unicorn-58596.exe
2128	Unicorn-9587.exe
1728	Unicorn-55259.exe
2772	Unicorn-43521.exe
1672	Unicorn-30325.exe
1532	Unicorn-59961.exe
940	Unicorn-46085.exe
1076	Unicorn-15717.exe
300	Unicorn-12379.exe
2172	Unicorn-52447.exe
2184	Unicorn-18322.exe
2704	Unicorn-19391.exe
1608	Unicorn-30936.exe
2176	Unicorn-35343.exe
2220	Unicorn-19007.exe
2820	Unicorn-31813.exe
2152	Unicorn-64678.exe
2632	Unicorn-51539.exe
2440	Unicorn-34627.exe
2480	Unicorn-885.exe
1712	Unicorn-46557.exe
2832	Unicorn-47626.exe
524	Unicorn-1570.exe
324	Unicorn-14569.exe
2724	Unicorn-19168.exe
2700	Unicorn-58192.exe
776	Unicorn-54855.exe
1660	Unicorn-7154.exe
2020	Unicorn-21222.exe
1820	Unicorn-10911.exe
1380	Unicorn-40246.exe
2344	Unicorn-60304.exe
1760	Unicorn-43008.exe
2932	Unicorn-56500.exe
3008	Unicorn-42624.exe
2132	Unicorn-62525.exe
1920	Unicorn-9987.exe
1548	Unicorn-13516.exe
3052	Unicorn-57284.exe
1352	Unicorn-53947.exe
3016	Unicorn-37819.exe
1736	Unicorn-18145.exe
2624	Unicorn-5831.exe
2844	Unicorn-23787.exe
2712	Unicorn-23704.exe
868	Unicorn-23403.exe
3060	Unicorn-4030.exe
1664	Unicorn-53231.exe
2252	Unicorn-9863.exe

Loads dropped DLL 64 IoCs

pid	Process
2484	773e28f4291273369a57d9320ba7cd70_NeikiAnalytics.exe
2484	773e28f4291273369a57d9320ba7cd70_NeikiAnalytics.exe
2740	Unicorn-7710.exe
2740	Unicorn-7710.exe
2484	773e28f4291273369a57d9320ba7cd70_NeikiAnalytics.exe
2484	773e28f4291273369a57d9320ba7cd70_NeikiAnalytics.exe
2556	Unicorn-9900.exe
2556	Unicorn-9900.exe
2740	Unicorn-7710.exe
2740	Unicorn-7710.exe
2680	Unicorn-62116.exe
2680	Unicorn-62116.exe
1424	WerFault.exe
1424	WerFault.exe
1424	WerFault.exe
1424	WerFault.exe
1424	WerFault.exe
2884	Unicorn-62936.exe
2680	Unicorn-62116.exe
2884	Unicorn-62936.exe
2680	Unicorn-62116.exe
2728	Unicorn-20280.exe
2728	Unicorn-20280.exe
2424	Unicorn-52760.exe
2424	Unicorn-52760.exe
2556	Unicorn-9900.exe
2556	Unicorn-9900.exe
1796	WerFault.exe
1796	WerFault.exe
1796	WerFault.exe
1796	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1796	WerFault.exe
1816	WerFault.exe
784	Unicorn-12869.exe
2884	Unicorn-62936.exe
784	Unicorn-12869.exe
2884	Unicorn-62936.exe
2868	Unicorn-58863.exe
2868	Unicorn-58863.exe
2424	Unicorn-52760.exe
2424	Unicorn-52760.exe
2872	Unicorn-29014.exe
2872	Unicorn-29014.exe
2008	Unicorn-42012.exe
2008	Unicorn-42012.exe
2728	Unicorn-20280.exe
2728	Unicorn-20280.exe
1020	Unicorn-57773.exe
1020	Unicorn-57773.exe
548	WerFault.exe
548	WerFault.exe
548	WerFault.exe
548	WerFault.exe
548	WerFault.exe
2284	WerFault.exe
2284	WerFault.exe
2284	WerFault.exe
2284	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2652	2484	WerFault.exe	27
1424	2740	WerFault.exe	28
1796	2556	WerFault.exe	29
1816	2680	WerFault.exe	30
548	2884	WerFault.exe	33
2284	2728	WerFault.exe	32
1916	2424	WerFault.exe	34
1752	784	WerFault.exe	36
2548	2868	WerFault.exe	39
2756	2872	WerFault.exe	38
2532	2008	WerFault.exe	40
2736	1020	WerFault.exe	37
572	2832	WerFault.exe	76
1964	2644	WerFault.exe	43
1116	308	WerFault.exe	45
1224	2672	WerFault.exe	44
2900	2276	WerFault.exe	46
536	2784	WerFault.exe	47
2796	1728	WerFault.exe	49
1612	2128	WerFault.exe	48
1552	2772	WerFault.exe	50
2476	1532	WerFault.exe	55
2452	1672	WerFault.exe	54
2456	940	WerFault.exe	56
2164	300	WerFault.exe	58
592	1076	WerFault.exe	57
980	1380	WerFault.exe	86
1300	2132	WerFault.exe	91
1800	2220	WerFault.exe	64
1684	2700	WerFault.exe	80
1408	1712	WerFault.exe	74
1260	2152	WerFault.exe	66
240	524	WerFault.exe	77
1560	2724	WerFault.exe	79
2512	2440	WerFault.exe	73
2824	2932	WerFault.exe	89
2320	3016	WerFault.exe	104
2432	2176	WerFault.exe	65
3088	2172	WerFault.exe	59
3104	1352	WerFault.exe	98
3216	1920	WerFault.exe	92
3312	2020	WerFault.exe	84
3356	1548	WerFault.exe	93
3704	1608	WerFault.exe	63
3964	3008	WerFault.exe	90
3988	1760	WerFault.exe	88
4012	2632	WerFault.exe	71
4024	2344	WerFault.exe	87
4036	2184	WerFault.exe	60
4052	2820	WerFault.exe	62
4060	324	WerFault.exe	78
4084	3052	WerFault.exe	97
3128	2480	WerFault.exe	75
3156	2704	WerFault.exe	61
3160	1660	WerFault.exe	83
3172	1820	WerFault.exe	85
3448	1736	WerFault.exe	105
3484	776	WerFault.exe	81
3652	2936	WerFault.exe	130
3612	1664	WerFault.exe	117
3660	1788	WerFault.exe	147
3700	696	WerFault.exe	146
3772	2812	WerFault.exe	119
3816	868	WerFault.exe	115

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2484	773e28f4291273369a57d9320ba7cd70_NeikiAnalytics.exe
2740	Unicorn-7710.exe
2556	Unicorn-9900.exe
2680	Unicorn-62116.exe
2884	Unicorn-62936.exe
2728	Unicorn-20280.exe
2424	Unicorn-52760.exe
784	Unicorn-12869.exe
1020	Unicorn-57773.exe
2868	Unicorn-58863.exe
2872	Unicorn-29014.exe
2008	Unicorn-42012.exe
2644	Unicorn-56567.exe
2672	Unicorn-37770.exe
308	Unicorn-58980.exe
2276	Unicorn-6634.exe
2784	Unicorn-58596.exe
1728	Unicorn-55259.exe
2772	Unicorn-43521.exe
2128	Unicorn-9587.exe
1672	Unicorn-30325.exe
1532	Unicorn-59961.exe
940	Unicorn-46085.exe
1076	Unicorn-15717.exe
300	Unicorn-12379.exe
2172	Unicorn-52447.exe
2704	Unicorn-19391.exe
2184	Unicorn-18322.exe
1608	Unicorn-30936.exe
2176	Unicorn-35343.exe
2220	Unicorn-19007.exe
2820	Unicorn-31813.exe
2152	Unicorn-64678.exe
2632	Unicorn-51539.exe
2440	Unicorn-34627.exe
2480	Unicorn-885.exe
2832	Unicorn-47626.exe
524	Unicorn-1570.exe
1712	Unicorn-46557.exe
324	Unicorn-14569.exe
2724	Unicorn-19168.exe
776	Unicorn-54855.exe
2700	Unicorn-58192.exe
1660	Unicorn-7154.exe
2020	Unicorn-21222.exe
1820	Unicorn-10911.exe
1380	Unicorn-40246.exe
2344	Unicorn-60304.exe
1760	Unicorn-43008.exe
2932	Unicorn-56500.exe
2132	Unicorn-62525.exe
3008	Unicorn-42624.exe
1920	Unicorn-9987.exe
1548	Unicorn-13516.exe
1352	Unicorn-53947.exe
3052	Unicorn-57284.exe
3016	Unicorn-37819.exe
1736	Unicorn-18145.exe
2624	Unicorn-5831.exe
2844	Unicorn-23787.exe
2812	Unicorn-56952.exe
1664	Unicorn-53231.exe
868	Unicorn-23403.exe
2712	Unicorn-23704.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 2740	2484	773e28f4291273369a57d9320ba7cd70_NeikiAnalytics.exe	28
PID 2484 wrote to memory of 2740	2484	773e28f4291273369a57d9320ba7cd70_NeikiAnalytics.exe	28
PID 2484 wrote to memory of 2740	2484	773e28f4291273369a57d9320ba7cd70_NeikiAnalytics.exe	28
PID 2484 wrote to memory of 2740	2484	773e28f4291273369a57d9320ba7cd70_NeikiAnalytics.exe	28
PID 2740 wrote to memory of 2556	2740	Unicorn-7710.exe	29
PID 2740 wrote to memory of 2556	2740	Unicorn-7710.exe	29
PID 2740 wrote to memory of 2556	2740	Unicorn-7710.exe	29
PID 2740 wrote to memory of 2556	2740	Unicorn-7710.exe	29
PID 2484 wrote to memory of 2680	2484	773e28f4291273369a57d9320ba7cd70_NeikiAnalytics.exe	30
PID 2484 wrote to memory of 2680	2484	773e28f4291273369a57d9320ba7cd70_NeikiAnalytics.exe	30
PID 2484 wrote to memory of 2680	2484	773e28f4291273369a57d9320ba7cd70_NeikiAnalytics.exe	30
PID 2484 wrote to memory of 2680	2484	773e28f4291273369a57d9320ba7cd70_NeikiAnalytics.exe	30
PID 2484 wrote to memory of 2652	2484	773e28f4291273369a57d9320ba7cd70_NeikiAnalytics.exe	31
PID 2484 wrote to memory of 2652	2484	773e28f4291273369a57d9320ba7cd70_NeikiAnalytics.exe	31
PID 2484 wrote to memory of 2652	2484	773e28f4291273369a57d9320ba7cd70_NeikiAnalytics.exe	31
PID 2484 wrote to memory of 2652	2484	773e28f4291273369a57d9320ba7cd70_NeikiAnalytics.exe	31
PID 2556 wrote to memory of 2728	2556	Unicorn-9900.exe	32
PID 2556 wrote to memory of 2728	2556	Unicorn-9900.exe	32
PID 2556 wrote to memory of 2728	2556	Unicorn-9900.exe	32
PID 2556 wrote to memory of 2728	2556	Unicorn-9900.exe	32
PID 2740 wrote to memory of 2884	2740	Unicorn-7710.exe	33
PID 2740 wrote to memory of 2884	2740	Unicorn-7710.exe	33
PID 2740 wrote to memory of 2884	2740	Unicorn-7710.exe	33
PID 2740 wrote to memory of 2884	2740	Unicorn-7710.exe	33
PID 2680 wrote to memory of 2424	2680	Unicorn-62116.exe	34
PID 2680 wrote to memory of 2424	2680	Unicorn-62116.exe	34
PID 2680 wrote to memory of 2424	2680	Unicorn-62116.exe	34
PID 2680 wrote to memory of 2424	2680	Unicorn-62116.exe	34
PID 2740 wrote to memory of 1424	2740	Unicorn-7710.exe	35
PID 2740 wrote to memory of 1424	2740	Unicorn-7710.exe	35
PID 2740 wrote to memory of 1424	2740	Unicorn-7710.exe	35
PID 2740 wrote to memory of 1424	2740	Unicorn-7710.exe	35
PID 2884 wrote to memory of 784	2884	Unicorn-62936.exe	36
PID 2884 wrote to memory of 784	2884	Unicorn-62936.exe	36
PID 2884 wrote to memory of 784	2884	Unicorn-62936.exe	36
PID 2884 wrote to memory of 784	2884	Unicorn-62936.exe	36
PID 2680 wrote to memory of 1020	2680	Unicorn-62116.exe	37
PID 2680 wrote to memory of 1020	2680	Unicorn-62116.exe	37
PID 2680 wrote to memory of 1020	2680	Unicorn-62116.exe	37
PID 2680 wrote to memory of 1020	2680	Unicorn-62116.exe	37
PID 2728 wrote to memory of 2872	2728	Unicorn-20280.exe	38
PID 2728 wrote to memory of 2872	2728	Unicorn-20280.exe	38
PID 2728 wrote to memory of 2872	2728	Unicorn-20280.exe	38
PID 2728 wrote to memory of 2872	2728	Unicorn-20280.exe	38
PID 2424 wrote to memory of 2868	2424	Unicorn-52760.exe	39
PID 2424 wrote to memory of 2868	2424	Unicorn-52760.exe	39
PID 2424 wrote to memory of 2868	2424	Unicorn-52760.exe	39
PID 2424 wrote to memory of 2868	2424	Unicorn-52760.exe	39
PID 2556 wrote to memory of 2008	2556	Unicorn-9900.exe	40
PID 2556 wrote to memory of 2008	2556	Unicorn-9900.exe	40
PID 2556 wrote to memory of 2008	2556	Unicorn-9900.exe	40
PID 2556 wrote to memory of 2008	2556	Unicorn-9900.exe	40
PID 2556 wrote to memory of 1796	2556	Unicorn-9900.exe	41
PID 2556 wrote to memory of 1796	2556	Unicorn-9900.exe	41
PID 2556 wrote to memory of 1796	2556	Unicorn-9900.exe	41
PID 2556 wrote to memory of 1796	2556	Unicorn-9900.exe	41
PID 2680 wrote to memory of 1816	2680	Unicorn-62116.exe	42
PID 2680 wrote to memory of 1816	2680	Unicorn-62116.exe	42
PID 2680 wrote to memory of 1816	2680	Unicorn-62116.exe	42
PID 2680 wrote to memory of 1816	2680	Unicorn-62116.exe	42
PID 784 wrote to memory of 2644	784	Unicorn-12869.exe	43
PID 784 wrote to memory of 2644	784	Unicorn-12869.exe	43
PID 784 wrote to memory of 2644	784	Unicorn-12869.exe	43
PID 784 wrote to memory of 2644	784	Unicorn-12869.exe	43

C:\Users\Admin\AppData\Local\Temp\773e28f4291273369a57d9320ba7cd70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\773e28f4291273369a57d9320ba7cd70_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7710.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7710.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20280.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29014.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58596.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19391.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7154.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9095.exe
        9⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64273.exe
        10⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36254.exe
        11⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1136.exe
        12⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        13⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37864.exe
        14⤵
        
        PID:8392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 236
        14⤵
        
        PID:8992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 216
        13⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 220
        12⤵
        
        PID:772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
        11⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 216
        10⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 236
        9⤵
        Program crash
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22587.exe
        8⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48321.exe
        9⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8867.exe
        10⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17611.exe
        11⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55248.exe
        12⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 216
        12⤵
        
        PID:8532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 236
        11⤵
        
        PID:7356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 236
        10⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 216
        9⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
        8⤵
        Program crash
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21222.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58548.exe
        8⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58284.exe
        9⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36363.exe
        10⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22382.exe
        11⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18078.exe
        12⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49851.exe
        13⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
        13⤵
        
        PID:8716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 236
        12⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
        11⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
        10⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 236
        9⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 236
        8⤵
        Program crash
        
        PID:3312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
        7⤵
        Program crash
        
        PID:536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31813.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42624.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7751.exe
        8⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62192.exe
        9⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33234.exe
        10⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51466.exe
        11⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52051.exe
        12⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 216
        12⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 236
        11⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 236
        10⤵
        
        PID:5824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 216
        9⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 216
        8⤵
        Program crash
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39198.exe
        7⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61668.exe
        8⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36958.exe
        9⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59603.exe
        10⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48808.exe
        11⤵
        
        PID:8580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 216
        11⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 236
        10⤵
        
        PID:7288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
        9⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 216
        8⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
        7⤵
        Program crash
        
        PID:4052
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
        6⤵
        Program crash
        
        PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18322.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10911.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
        8⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49673.exe
        9⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49449.exe
        10⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4684.exe
        11⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
        12⤵
        
        PID:8968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 236
        12⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
        11⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
        10⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 216
        9⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 216
        8⤵
        Program crash
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37278.exe
        7⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14880.exe
        8⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45896.exe
        9⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        10⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35566.exe
        11⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55331.exe
        12⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 216
        12⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 236
        11⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
        10⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
        9⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 236
        8⤵
        
        PID:4692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
        7⤵
        Program crash
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56952.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56587.exe
        8⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32445.exe
        9⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6870.exe
        10⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39915.exe
        11⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51621.exe
        12⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 216
        12⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
        11⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
        10⤵
        
        PID:7004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 216
        9⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 216
        8⤵
        Program crash
        
        PID:3772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 236
        7⤵
        Program crash
        
        PID:980
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
        6⤵
        Program crash
        
        PID:2796
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42012.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9587.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43008.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42152.exe
        8⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16858.exe
        9⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23379.exe
        10⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53850.exe
        11⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1965.exe
        12⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe
        13⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 216
        12⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
        11⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 236
        10⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 216
        9⤵
        
        PID:3780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
        8⤵
        Program crash
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56220.exe
        7⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6670.exe
        8⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64925.exe
        9⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42148.exe
        10⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13537.exe
        11⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50516.exe
        12⤵
        
        PID:8828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7900 -s 236
        12⤵
        
        PID:5296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
        11⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
        10⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 236
        9⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 216
        8⤵
        
        PID:4264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
        7⤵
        Program crash
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56500.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9863.exe
        7⤵
        Executes dropped EXE
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
        8⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21350.exe
        9⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36637.exe
        10⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30507.exe
        11⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        12⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 236
        11⤵
        
        PID:8176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        10⤵
        
        PID:6788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
        9⤵
        
        PID:4324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 236
        8⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 236
        7⤵
        Program crash
        
        PID:2824
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
        6⤵
        Program crash
        
        PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64678.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13516.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23704.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64636.exe
        8⤵
        
        PID:3888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 240
        9⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
        8⤵
        
        PID:3324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 236
        7⤵
        Program crash
        
        PID:3356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7595.exe
        6⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
        7⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64624.exe
        8⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41463.exe
        9⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54409.exe
        10⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5492.exe
        11⤵
        
        PID:9128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 216
        11⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 216
        10⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
        9⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
        8⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 216
        7⤵
        
        PID:3584
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
        6⤵
        Program crash
        
        PID:1260
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
        5⤵
        Program crash
        
        PID:2532
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62936.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62936.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12869.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56567.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30325.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34627.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15749.exe
        8⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41180.exe
        9⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58475.exe
        10⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9143.exe
        11⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37243.exe
        12⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
        13⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 236
        13⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
        12⤵
        
        PID:7620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 236
        11⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
        10⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 236
        9⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 236
        8⤵
        Program crash
        
        PID:2512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 216
        7⤵
        Program crash
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47626.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 188
        7⤵
        Program crash
        
        PID:572
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
        6⤵
        Program crash
        
        PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51539.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57284.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
        8⤵
        
        PID:2936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 220
        9⤵
        Program crash
        
        PID:3652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 236
        8⤵
        Program crash
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48265.exe
        7⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32478.exe
        8⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6070.exe
        9⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26547.exe
        10⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6047.exe
        11⤵
        
        PID:8544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 236
        11⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 236
        10⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
        9⤵
        
        PID:5336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 216
        8⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
        7⤵
        Program crash
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33346.exe
        7⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23500.exe
        8⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21350.exe
        9⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20877.exe
        10⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2784.exe
        11⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50043.exe
        12⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 216
        12⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 236
        11⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
        10⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 236
        9⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 236
        8⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 216
        7⤵
        Program crash
        
        PID:3104
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 240
        6⤵
        Program crash
        
        PID:2476
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 240
        5⤵
        Program crash
        
        PID:1752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37770.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46085.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-885.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16517.exe
        7⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14880.exe
        8⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59243.exe
        9⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20270.exe
        10⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39583.exe
        11⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39317.exe
        12⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 216
        12⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
        11⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
        10⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
        9⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 216
        8⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
        7⤵
        Program crash
        
        PID:3128
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 236
        6⤵
        Program crash
        
        PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46557.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9479.exe
        6⤵
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34818.exe
        7⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17998.exe
        8⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18433.exe
        9⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39225.exe
        10⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45373.exe
        11⤵
        
        PID:8264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 216
        11⤵
        
        PID:8752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 216
        10⤵
        
        PID:1184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
        9⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 236
        8⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 516 -s 216
        7⤵
        
        PID:1792
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 236
        6⤵
        Program crash
        
        PID:1408
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
        5⤵
        Program crash
        
        PID:1224
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:548
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1424
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52760.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52760.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58863.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58980.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15717.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1570.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37819.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14552.exe
        9⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
        10⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53498.exe
        11⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11395.exe
        12⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47803.exe
        13⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24720.exe
        14⤵
        
        PID:5568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
        13⤵
        
        PID:1212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
        12⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
        11⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 236
        10⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 236
        9⤵
        Program crash
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42927.exe
        8⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20978.exe
        9⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33841.exe
        10⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17857.exe
        11⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57704.exe
        12⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59898.exe
        13⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 236
        13⤵
        
        PID:9140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 216
        12⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 216
        11⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
        10⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 216
        9⤵
        
        PID:4112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 524 -s 240
        8⤵
        Program crash
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18145.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21216.exe
        8⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20231.exe
        9⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57888.exe
        10⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42039.exe
        11⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56993.exe
        12⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
        13⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7276 -s 216
        13⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 216
        12⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
        11⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
        10⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 216
        9⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 216
        8⤵
        Program crash
        
        PID:3448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 240
        7⤵
        Program crash
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14569.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
        7⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64958.exe
        8⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15029.exe
        9⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36256.exe
        10⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17210.exe
        11⤵
        
        PID:8400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 236
        11⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 236
        10⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 236
        9⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 216
        8⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 216
        7⤵
        Program crash
        
        PID:4060
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 240
        6⤵
        Program crash
        
        PID:1116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12379.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19168.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2593.exe
        7⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36738.exe
        8⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51334.exe
        9⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31437.exe
        10⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19396.exe
        11⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54558.exe
        12⤵
        
        PID:8800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 236
        12⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 236
        11⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 236
        10⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
        9⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 236
        8⤵
        
        PID:3876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
        7⤵
        Program crash
        
        PID:1560
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 236
        6⤵
        Program crash
        
        PID:2164
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
        5⤵
        Program crash
        
        PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6634.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52447.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58192.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23787.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30173.exe
        8⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35093.exe
        9⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12200.exe
        10⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45277.exe
        11⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55976.exe
        12⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29146.exe
        13⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 236
        13⤵
        
        PID:9180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 236
        12⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 216
        11⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 236
        10⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 216
        9⤵
        Program crash
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31672.exe
        8⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13363.exe
        9⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17857.exe
        10⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30123.exe
        11⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65176.exe
        12⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 216
        11⤵
        
        PID:3916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 216
        10⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 236
        9⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
        8⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25683.exe
        7⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59192.exe
        8⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28044.exe
        9⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30368.exe
        10⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21872.exe
        11⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32613.exe
        12⤵
        
        PID:3460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 216
        11⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 216
        10⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 236
        9⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 236
        8⤵
        Program crash
        
        PID:3660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
        7⤵
        Program crash
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3537.exe
        6⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39535.exe
        7⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20027.exe
        8⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20270.exe
        9⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52644.exe
        10⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40531.exe
        11⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 236
        11⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 236
        10⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 220
        9⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
        8⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 656 -s 216
        7⤵
        
        PID:4308
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
        6⤵
        Program crash
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54855.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5831.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21216.exe
        7⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9607.exe
        8⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65501.exe
        9⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53274.exe
        10⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20528.exe
        11⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34019.exe
        12⤵
        
        PID:4720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 236
        12⤵
        
        PID:9068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
        11⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 216
        10⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
        9⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 236
        8⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5886.exe
        7⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53830.exe
        8⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31053.exe
        9⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15873.exe
        10⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
        11⤵
        
        PID:9204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7552 -s 216
        11⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 216
        10⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
        9⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
        8⤵
        
        PID:4156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
        7⤵
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8086.exe
        6⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26391.exe
        7⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27936.exe
        8⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21648.exe
        9⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7692.exe
        10⤵
        
        PID:8464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 236
        10⤵
        
        PID:8480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 236
        9⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
        8⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 216
        7⤵
        
        PID:4204
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 240
        6⤵
        Program crash
        
        PID:3484
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 240
        5⤵
        Program crash
        
        PID:2900
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57773.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57773.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43521.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19007.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62525.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23403.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23915.exe
        8⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32144.exe
        9⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9283.exe
        10⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
        11⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11984.exe
        12⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 216
        12⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
        11⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 216
        10⤵
        
        PID:7100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 216
        9⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 236
        8⤵
        Program crash
        
        PID:3816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 236
        7⤵
        Program crash
        
        PID:1300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53231.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26904.exe
        7⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28428.exe
        8⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        9⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55587.exe
        10⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8959.exe
        11⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 236
        10⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
        9⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 236
        8⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 236
        7⤵
        Program crash
        
        PID:3612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
        6⤵
        Program crash
        
        PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9987.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58872.exe
        6⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10043.exe
        7⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63332.exe
        8⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18433.exe
        9⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51710.exe
        10⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55715.exe
        11⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
        11⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 236
        10⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
        9⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 236
        8⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 236
        7⤵
        
        PID:4364
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 236
        6⤵
        Program crash
        
        PID:3216
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
        5⤵
        Program crash
        
        PID:1552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30936.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60304.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57144.exe
        6⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12659.exe
        7⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35766.exe
        8⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45936.exe
        9⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21130.exe
        10⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8798.exe
        11⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 216
        11⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 216
        10⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
        9⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 236
        8⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33964.exe
        7⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30669.exe
        8⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22505.exe
        9⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61434.exe
        10⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 236
        10⤵
        
        PID:8412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 216
        9⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 216
        8⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 240
        7⤵
        
        PID:5100
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 236
        6⤵
        Program crash
        
        PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4030.exe
        5⤵
        Executes dropped EXE
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        6⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10447.exe
        7⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38752.exe
        8⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        9⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 216
        9⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 236
        8⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
        7⤵
        
        PID:5564
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 216
        6⤵
        
        PID:4888
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
        5⤵
        Program crash
        
        PID:3704
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 240
      4⤵
      Program crash
      PID:2736
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1816
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
  2⤵
  - Program crash
  PID:2652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-29014.exe

Filesize
184KB

MD5
88196e5e801d86d964c36faab8b933c9

SHA1
6f171fe4a596a50b5bf66e76fd376955eed2cb77

SHA256
2f63d9de7f3047216b6391ecf4b419712f80aa61781d319b3ef32cba95cd4e11

SHA512
9c7d8d126d824096f1f7a2b045ee5ac309e2ccb6fe11c1671d8e39c89cf51c62502f7ea944297ed00cefa3335a39aae7c9d1fb985f34885b9b2a61ae778947ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30123.exe

Filesize
184KB

MD5
5bce5f21e436c6e9aa2638c4e598218d

SHA1
6432e884532950c88ed30b2b5adf19c12e7b7909

SHA256
3ca4f7e4d1b6bf469d024ef131b09a4c5d5d538083e596aef90d202b032a90e8

SHA512
cf51f42575d7d88e291e2e4edd8ccb4aa7fe54242bfbee36aa2a92b0cdc91ca5632b1231fa70470994f8bb01a3a908dd98e2017d325953d0173f25196a4bf3f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe

Filesize
184KB

MD5
18d71a06223fb8372dea105ee600587e

SHA1
844ea1422487429ebd1de596499fb93a242e12c2

SHA256
32201f0c013ba718eeb600a19302ab9bff8aecd2299a68774e913e7bea83686b

SHA512
2ef5d267442b39f56fcae6b859d7432ef6355fb8d7b35e227735d8cd6d61fe8957741fe17e8a9eaa055389f2ef300bc13d22d5b6a2b5e2927ecbf0eb8ab2265d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39583.exe

Filesize
184KB

MD5
7d1b7e3929676bd0514765619c9e681a

SHA1
d3c2fe325f626046f3154b2a38737b9f2f4fafc7

SHA256
3d2bc1c43d8d0353923c9197132974cecfb43def78182073ee408ec7d48fff93

SHA512
348706283fb373d9887befa3831f729605748616c8ff14da3b5f319be9af910c772761ece1b25eb55a9a78203f2aa57402d48224dfbed232367acc2aa950817b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe

Filesize
184KB

MD5
0408ad7606c10cf4e8faac83c3899a79

SHA1
b506b60877c231d606a2f52016ac2c3dee4980ad

SHA256
9d1dc5e0f52bfddf8d3311a84f75de7b86fc7cc57c3aa778d5d9384c8dbad392

SHA512
e99ed7e0b364275babd7be84a73b8fb844df065adc2eca64c9d75421eea02918e7fcb3f4d6f29df1049f4323526f65ee3b896d45d071862198dc0937c4aa0a65

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47803.exe

Filesize
184KB

MD5
983c1d676b0ff572e55c1146ef80a166

SHA1
29dd562da351329fe2c973360b78afc39b1fb933

SHA256
47ae540daa63502e5733c10aea49aae25f5ed853ef761bdfc0137737a2dcab23

SHA512
318bd25dd877e088bdf1a8e611e173043f6f4de08f7f1941a6a1f09bd862b9a913f81ea20fe0675211f4a8b3690279975a61770f69e77e0a374dfde7e9997dbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52760.exe

Filesize
184KB

MD5
c716b9c0f801f4d8ebb5ab49c5692f8f

SHA1
836b7d37dc515ebacfb86b593fb0aa9108c5d77e

SHA256
338cd55fae090b29044a866df438fcee816eebf4db547dfa65d9fd4fda3a9875

SHA512
479d97edf9c36a112e1ed16d28de3538ab98315643e9281fa9503bd48a79a6b6fd78b8f4d2d868a2d1cb151735b271c46394a8de33ba4fe9054b0e06e3c5cb2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55248.exe

Filesize
184KB

MD5
d9812b9d6b83e788cd471de6bcb42727

SHA1
afd674b53a3b881b24a9306e0c1a9407fe96361c

SHA256
e0ae4fc586d068e16d24e8381e60fefea98eed2f2c4ee216f85c40728634aff2

SHA512
84b8cb0d3e6c42c5822000641c82e838d742b91d62a9bd8391b683d29811bd491db67f6db5d803435d624a83006dc6fa1a03e600e29d36fe911eb0f09f393bb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57773.exe

Filesize
184KB

MD5
ffef6e37960b3e13c103707d925ddf07

SHA1
2a369c16b13ea2a381fd6a87abdd87f6dcb62e41

SHA256
fc0774460f9fa2773ffb063f95a5603be2873681bb8b6d79971c176d242fdf5d

SHA512
caebfb74379783392581390e9c444ce8d42b017644d61a1d9d241356f4201808faa8a186cf3e64f5fb167b53364d939fc783bcc56c5fc821e80fcf67911d69f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5831.exe

Filesize
184KB

MD5
892b132f2542e175e53fae6a9c8553a8

SHA1
cb2ad596ba31466d0af67c488e648a7011246952

SHA256
fd9ccad693ff0359c2c8bd0301e66215ed88f25fb50e198424593d41c26dc03a

SHA512
42e9c5f9ad8c860c03205e5e4c94c1753cb6fb8d5794cdecc35a26dbc8a5b0e035e254a1347e0ac11286ce9f91f003010195ba7fa60a409ece78870a4df2c250

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58863.exe

Filesize
184KB

MD5
417dc9e1349a0990b80cb8e02ac32af8

SHA1
c0fd3166406b2f481bb0443693ae9f38f853075b

SHA256
14a43f0b6a99c0d40a169f3580986011e14a99c5518c4447c9d81ab9afb86b1d

SHA512
7a3a7631d0778c85d8ceb6f387d90583a52824b4faaf77c67df88479d2a255ed9e3bcdbe29f06ae7932e393c8bc311d003cd06441ba6ecc0eea263a0faa0dd33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62936.exe

Filesize
184KB

MD5
b4f1c060c9524c91025de1a46170272b

SHA1
6d44d36dfaf569368a8598658a048163e2440eed

SHA256
0a89ccf4b31470df729ad1dab13cf8f6b235dc0baba85544e1320311f757082f

SHA512
c79499e643ed91fa0cc4ca06a1f8797beb9af067584943366fe5e12d3a815c68d607eaedd54e4efff255e9da6495078997e733118dbfb02ef0efac7fb31ce134

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12869.exe

Filesize
184KB

MD5
14c175568fdb1b911a60923299e02ecf

SHA1
e458412de4a871f95f3ddb4150a097c0a6e986cb

SHA256
f9b10284051f9ed8d7fdcbf31ce8502fe0d2efad50f01b83b4c83fbd0957c827

SHA512
0ca40c94d1fc14a04eebf1bc3b46fa8e74a075e420db46fb80fa87aaae26fcefa93217bdc8c84142e7b2df8be150235e2d659c9f84778a894c207b275b3b3ac8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20280.exe

Filesize
184KB

MD5
5edb4b573de91f2b62bde3abd0481938

SHA1
b98e335bee5754dca51506f154c9a344df3c23aa

SHA256
5baa9739bc1977c9f0391faaf560db11ddfa9771a7a70450b4de4a17beeb55af

SHA512
4738fb05e1a05c8c1ce6f43b42c635bebd01724c7280cf37251fafc4702a0412b1bbf2f8a99c2cbe8572788ad10b3979af14ec0e38d005b4aeacb6de153dc98f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37770.exe

Filesize
184KB

MD5
43788f378d726a81f57538d5f214d902

SHA1
9525059fe486c8bfbe4b0bbbf4cfedcb60efe5a6

SHA256
8ca83877dbb71423ded1368c6361e4c5cb15c1674d39e5e553ac9804ec1babd3

SHA512
5e163d73d6dc22b6c84526df9e839d24b21555244bee6c5184e560048b96620485a213e1b243adc4df0eb26689f298557f02ee8fa7f885686983ea92c989a043

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42012.exe

Filesize
184KB

MD5
fefb164d5350c830370adbd477bee51d

SHA1
cd1553ca794a1861a44f77d3caf4f6aa7922607c

SHA256
c91b0a69e66a31b96d67d0bc0179848e66a1349c70995072fc5b8a537b1a8e51

SHA512
e4d3f0e76cfe1b0d726137ac92195b60e7603a95f33e0a8523c29981da9d003be2603afda7d3cece992e9a63c81b7ddf497ecd27ec1d034a3d6a2116d0533220

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56567.exe

Filesize
184KB

MD5
bafa70906605f62554d68bc384a7e22c

SHA1
80668c5f33ecc525fb0d375dfddaac074b7eb690

SHA256
3be9340671448c489b239da5c6ef70f88dc3a933129797e8571d7d287032ddbd

SHA512
6fe9ed63578dcace581f07b6a1bd4cdf829a8beae2fe75980c51dbd6ed36f92e89cf516ebc0c4a59a57aa0ae2b35ef4e110b2ed8011df78233756797e4fb605d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58980.exe

Filesize
184KB

MD5
49cdabed5d252ecab31de6e31b58ea42

SHA1
07d5c3a3df97e8fe4ca98b14abebfa35c65b4843

SHA256
70008b1da745ba8567a2e6c778fd85002f140dfe5ab6a7e4be3b75d2330b7f58

SHA512
500c41908a95e851cb73a3a3fb8124af3d25e196b40e0ee3f9e13738037efde9e5f8497d61bb8645bbd7a215911a4862a05305ea1128a417d5ece24d1b2dcc60

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe

Filesize
184KB

MD5
569329d6ab6eda0ef2a5b1511f31d46f

SHA1
3d0e2cf422cb368a8377aa83aad273ab5f661ae9

SHA256
5bcedc419af644d5899b4aaa8b996981e87d0afda6e269dc91e4bd995f2b66d5

SHA512
3845c0a2eb09afdfa5bc2bbb1adb8b010b1279bd2ce5614921fae56f1463883735ad7f7e303ea8bfc8d05cac22fd8e308701e48268d475e0c331dde8b3ca6350

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7710.exe

Filesize
184KB

MD5
958bea4793d3970c5b390940b439b140

SHA1
c977f32bfcf75d40c15185fedc81b09bf4c32c26

SHA256
213dbdec3559e415d266e32705836448b00fc3a04ea980dceb1f125e80e93654

SHA512
799815e9b116f6fb10a701e09f62a2cc5680c031ab1132b2eb23d7c3abf82aeb16d968901d13ba44131a2177bbd8bd133c37da02556b051e967b0521151d4083

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe

Filesize
184KB

MD5
162c967192cf099db8cb6b97b5ab8103

SHA1
a0d0007bc6349efe39c7fe67af3b0d44afd3db96

SHA256
eee7e4a006228daef03e9bf1fd6c6009c404c326fd631d74cd3e06da043c350f

SHA512
f47cd8f525a11aed89cb0e8c428c24645951d908d41cea8113f30c508c1368cf1d84132ea67ddd844a7b7ed7114a95221672a40cee3413f481ccda0589692d0f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads