0cf31097c80eb7c2b7b5fc4c957450e088e169ec19084fa56bf3cbe8dcdbadaa

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/06/2024, 04:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e774ca9b4585f057242fb70bcec8be0_NeikiAnalytics.exe
Size

184KB
MD5

2e774ca9b4585f057242fb70bcec8be0
SHA1

d3c127ee3be0935f15ba929256e207714cfd443f
SHA256

0cf31097c80eb7c2b7b5fc4c957450e088e169ec19084fa56bf3cbe8dcdbadaa
SHA512

04e83ff8ac3f89e6039669145a35e69d07fe119189b5a8ab8efe2e96fece1eeee0f1a5b75f3026876c45a847ad0f2964a7ed434b1ec67f017e46974e3e5ef879
SSDEEP

3072:9PfSNRol3ue6RdVYeP5LTJLTXLB6dOFbs+YboMGHUX1tlnVOFj:9PKo1qdVlLVLTXxjhqtlnVOF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3024	Unicorn-39055.exe
2944	Unicorn-62485.exe
2516	Unicorn-58956.exe
2380	Unicorn-10565.exe
2544	Unicorn-25676.exe
2540	Unicorn-45350.exe
280	Unicorn-43399.exe
1644	Unicorn-48038.exe
1796	Unicorn-18511.exe
2632	Unicorn-6813.exe
2432	Unicorn-2174.exe
2144	Unicorn-20213.exe
1064	Unicorn-12044.exe
1492	Unicorn-24851.exe
2240	Unicorn-16491.exe
1360	Unicorn-20021.exe
2732	Unicorn-45101.exe
1784	Unicorn-20405.exe
2916	Unicorn-7638.exe
1548	Unicorn-51689.exe
1104	Unicorn-47968.exe
1072	Unicorn-51881.exe
892	Unicorn-44590.exe
820	Unicorn-35462.exe
1316	Unicorn-35462.exe
2024	Unicorn-40100.exe
2032	Unicorn-50729.exe
2088	Unicorn-56437.exe
2224	Unicorn-64797.exe
1812	Unicorn-50921.exe
2068	Unicorn-64605.exe
2396	Unicorn-42748.exe
2488	Unicorn-39218.exe
2556	Unicorn-51492.exe
2992	Unicorn-58508.exe
572	Unicorn-22114.exe
1476	Unicorn-13946.exe
1552	Unicorn-50148.exe
1196	Unicorn-55555.exe
1336	Unicorn-52836.exe
2320	Unicorn-40693.exe
1972	Unicorn-48861.exe
1248	Unicorn-61668.exe
1520	Unicorn-15805.exe
1252	Unicorn-49245.exe
1396	Unicorn-57413.exe
2060	Unicorn-53884.exe
2748	Unicorn-16381.exe
1764	Unicorn-4683.exe
2744	Unicorn-16381.exe
2932	Unicorn-4683.exe
1724	Unicorn-33314.exe
620	Unicorn-53521.exe
2004	Unicorn-48882.exe
2752	Unicorn-24186.exe
2212	Unicorn-20656.exe
3036	Unicorn-13194.exe
2408	Unicorn-44642.exe
2660	Unicorn-56147.exe
556	Unicorn-64315.exe
1864	Unicorn-52618.exe
2148	Unicorn-6946.exe
2636	Unicorn-64891.exe
1748	Unicorn-30875.exe

Loads dropped DLL 64 IoCs

pid	Process
2872	2e774ca9b4585f057242fb70bcec8be0_NeikiAnalytics.exe
2872	2e774ca9b4585f057242fb70bcec8be0_NeikiAnalytics.exe
3024	Unicorn-39055.exe
3024	Unicorn-39055.exe
2872	2e774ca9b4585f057242fb70bcec8be0_NeikiAnalytics.exe
2872	2e774ca9b4585f057242fb70bcec8be0_NeikiAnalytics.exe
2944	Unicorn-62485.exe
2944	Unicorn-62485.exe
3024	Unicorn-39055.exe
3024	Unicorn-39055.exe
2516	Unicorn-58956.exe
2516	Unicorn-58956.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2380	Unicorn-10565.exe
2380	Unicorn-10565.exe
2944	Unicorn-62485.exe
2944	Unicorn-62485.exe
2544	Unicorn-25676.exe
2516	Unicorn-58956.exe
2540	Unicorn-45350.exe
2544	Unicorn-25676.exe
2516	Unicorn-58956.exe
2540	Unicorn-45350.exe
1944	WerFault.exe
1944	WerFault.exe
1944	WerFault.exe
1944	WerFault.exe
1944	WerFault.exe
1960	WerFault.exe
1960	WerFault.exe
1960	WerFault.exe
1960	WerFault.exe
1960	WerFault.exe
280	Unicorn-43399.exe
280	Unicorn-43399.exe
1644	Unicorn-48038.exe
2380	Unicorn-10565.exe
1644	Unicorn-48038.exe
2380	Unicorn-10565.exe
1796	Unicorn-18511.exe
2544	Unicorn-25676.exe
2544	Unicorn-25676.exe
1796	Unicorn-18511.exe
2632	Unicorn-6813.exe
2632	Unicorn-6813.exe
2432	Unicorn-2174.exe
2432	Unicorn-2174.exe
2540	Unicorn-45350.exe
2540	Unicorn-45350.exe
3056	WerFault.exe
3056	WerFault.exe
3056	WerFault.exe
3056	WerFault.exe
3056	WerFault.exe
944	WerFault.exe
944	WerFault.exe
944	WerFault.exe
944	WerFault.exe
1988	WerFault.exe
1988	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2624	2872	WerFault.exe	27
2836	3024	WerFault.exe	28
1944	2944	WerFault.exe	29
1960	2516	WerFault.exe	30
3056	2380	WerFault.exe	32
944	2540	WerFault.exe	34
1988	2544	WerFault.exe	33
3064	1644	WerFault.exe	37
2524	280	WerFault.exe	36
2648	1796	WerFault.exe	39
2508	2632	WerFault.exe	40
2652	2432	WerFault.exe	38
2980	2144	WerFault.exe	43
1288	2240	WerFault.exe	47
1868	1492	WerFault.exe	45
1088	1064	WerFault.exe	44
2216	2916	WerFault.exe	50
2244	1784	WerFault.exe	49
1768	1360	WerFault.exe	46
1604	2732	WerFault.exe	48
1652	556	WerFault.exe	109
1060	820	WerFault.exe	59
2008	2024	WerFault.exe	60
932	2068	WerFault.exe	65
1068	2088	WerFault.exe	62
2168	2224	WerFault.exe	63
532	1548	WerFault.exe	54
1704	892	WerFault.exe	57
2428	2032	WerFault.exe	61
2792	1072	WerFault.exe	56
940	2396	WerFault.exe	73
936	2488	WerFault.exe	74
2308	2556	WerFault.exe	75
240	1476	WerFault.exe	77
2388	1196	WerFault.exe	80
2888	2992	WerFault.exe	76
2120	1972	WerFault.exe	83
3400	1316	WerFault.exe	58
3408	1396	WerFault.exe	87
3424	1520	WerFault.exe	85
3704	2320	WerFault.exe	82
3812	1552	WerFault.exe	79
3820	1104	WerFault.exe	55
3868	1764	WerFault.exe	91
3932	572	WerFault.exe	78
3992	1248	WerFault.exe	84
4000	1812	WerFault.exe	64
4044	2744	WerFault.exe	90
3188	2056	WerFault.exe	117
3208	1748	WerFault.exe	114
3256	1724	WerFault.exe	96
3264	1368	WerFault.exe	120
3356	784	WerFault.exe	133
3364	2748	WerFault.exe	89
3508	2636	WerFault.exe	112
3536	2316	WerFault.exe	132
3572	1252	WerFault.exe	86
3608	1864	WerFault.exe	110
3612	2408	WerFault.exe	107
3628	1164	WerFault.exe	123
3760	1336	WerFault.exe	81
3836	1860	WerFault.exe	116
3276	2004	WerFault.exe	101
3336	1640	WerFault.exe	115

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2872	2e774ca9b4585f057242fb70bcec8be0_NeikiAnalytics.exe
3024	Unicorn-39055.exe
2944	Unicorn-62485.exe
2516	Unicorn-58956.exe
2380	Unicorn-10565.exe
2544	Unicorn-25676.exe
2540	Unicorn-45350.exe
280	Unicorn-43399.exe
1644	Unicorn-48038.exe
1796	Unicorn-18511.exe
2632	Unicorn-6813.exe
2432	Unicorn-2174.exe
2144	Unicorn-20213.exe
1064	Unicorn-12044.exe
2240	Unicorn-16491.exe
1492	Unicorn-24851.exe
1360	Unicorn-20021.exe
2732	Unicorn-45101.exe
1784	Unicorn-20405.exe
2916	Unicorn-7638.exe
1548	Unicorn-51689.exe
1104	Unicorn-47968.exe
1072	Unicorn-51881.exe
892	Unicorn-44590.exe
820	Unicorn-35462.exe
2024	Unicorn-40100.exe
2224	Unicorn-64797.exe
1316	Unicorn-35462.exe
2088	Unicorn-56437.exe
2032	Unicorn-50729.exe
2068	Unicorn-64605.exe
1812	Unicorn-50921.exe
2396	Unicorn-42748.exe
2488	Unicorn-39218.exe
2556	Unicorn-51492.exe
2992	Unicorn-58508.exe
1476	Unicorn-13946.exe
572	Unicorn-22114.exe
1552	Unicorn-50148.exe
1196	Unicorn-55555.exe
1336	Unicorn-52836.exe
1972	Unicorn-48861.exe
2320	Unicorn-40693.exe
1248	Unicorn-61668.exe
1520	Unicorn-15805.exe
1252	Unicorn-49245.exe
1396	Unicorn-57413.exe
2748	Unicorn-16381.exe
1764	Unicorn-4683.exe
2060	Unicorn-53884.exe
2744	Unicorn-16381.exe
2932	Unicorn-4683.exe
1724	Unicorn-33314.exe
2004	Unicorn-48882.exe
620	Unicorn-53521.exe
2752	Unicorn-24186.exe
2212	Unicorn-20656.exe
3036	Unicorn-13194.exe
2408	Unicorn-44642.exe
556	Unicorn-64315.exe
2660	Unicorn-56147.exe
2148	Unicorn-6946.exe
1864	Unicorn-52618.exe
2636	Unicorn-64891.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 3024	2872	2e774ca9b4585f057242fb70bcec8be0_NeikiAnalytics.exe	28
PID 2872 wrote to memory of 3024	2872	2e774ca9b4585f057242fb70bcec8be0_NeikiAnalytics.exe	28
PID 2872 wrote to memory of 3024	2872	2e774ca9b4585f057242fb70bcec8be0_NeikiAnalytics.exe	28
PID 2872 wrote to memory of 3024	2872	2e774ca9b4585f057242fb70bcec8be0_NeikiAnalytics.exe	28
PID 3024 wrote to memory of 2944	3024	Unicorn-39055.exe	29
PID 3024 wrote to memory of 2944	3024	Unicorn-39055.exe	29
PID 3024 wrote to memory of 2944	3024	Unicorn-39055.exe	29
PID 3024 wrote to memory of 2944	3024	Unicorn-39055.exe	29
PID 2872 wrote to memory of 2516	2872	2e774ca9b4585f057242fb70bcec8be0_NeikiAnalytics.exe	30
PID 2872 wrote to memory of 2516	2872	2e774ca9b4585f057242fb70bcec8be0_NeikiAnalytics.exe	30
PID 2872 wrote to memory of 2516	2872	2e774ca9b4585f057242fb70bcec8be0_NeikiAnalytics.exe	30
PID 2872 wrote to memory of 2516	2872	2e774ca9b4585f057242fb70bcec8be0_NeikiAnalytics.exe	30
PID 2872 wrote to memory of 2624	2872	2e774ca9b4585f057242fb70bcec8be0_NeikiAnalytics.exe	31
PID 2872 wrote to memory of 2624	2872	2e774ca9b4585f057242fb70bcec8be0_NeikiAnalytics.exe	31
PID 2872 wrote to memory of 2624	2872	2e774ca9b4585f057242fb70bcec8be0_NeikiAnalytics.exe	31
PID 2872 wrote to memory of 2624	2872	2e774ca9b4585f057242fb70bcec8be0_NeikiAnalytics.exe	31
PID 2944 wrote to memory of 2380	2944	Unicorn-62485.exe	32
PID 2944 wrote to memory of 2380	2944	Unicorn-62485.exe	32
PID 2944 wrote to memory of 2380	2944	Unicorn-62485.exe	32
PID 2944 wrote to memory of 2380	2944	Unicorn-62485.exe	32
PID 3024 wrote to memory of 2544	3024	Unicorn-39055.exe	33
PID 3024 wrote to memory of 2544	3024	Unicorn-39055.exe	33
PID 3024 wrote to memory of 2544	3024	Unicorn-39055.exe	33
PID 3024 wrote to memory of 2544	3024	Unicorn-39055.exe	33
PID 2516 wrote to memory of 2540	2516	Unicorn-58956.exe	34
PID 2516 wrote to memory of 2540	2516	Unicorn-58956.exe	34
PID 2516 wrote to memory of 2540	2516	Unicorn-58956.exe	34
PID 2516 wrote to memory of 2540	2516	Unicorn-58956.exe	34
PID 3024 wrote to memory of 2836	3024	Unicorn-39055.exe	35
PID 3024 wrote to memory of 2836	3024	Unicorn-39055.exe	35
PID 3024 wrote to memory of 2836	3024	Unicorn-39055.exe	35
PID 3024 wrote to memory of 2836	3024	Unicorn-39055.exe	35
PID 2380 wrote to memory of 280	2380	Unicorn-10565.exe	36
PID 2380 wrote to memory of 280	2380	Unicorn-10565.exe	36
PID 2380 wrote to memory of 280	2380	Unicorn-10565.exe	36
PID 2380 wrote to memory of 280	2380	Unicorn-10565.exe	36
PID 2944 wrote to memory of 1644	2944	Unicorn-62485.exe	37
PID 2944 wrote to memory of 1644	2944	Unicorn-62485.exe	37
PID 2944 wrote to memory of 1644	2944	Unicorn-62485.exe	37
PID 2944 wrote to memory of 1644	2944	Unicorn-62485.exe	37
PID 2544 wrote to memory of 1796	2544	Unicorn-25676.exe	39
PID 2544 wrote to memory of 1796	2544	Unicorn-25676.exe	39
PID 2544 wrote to memory of 1796	2544	Unicorn-25676.exe	39
PID 2544 wrote to memory of 1796	2544	Unicorn-25676.exe	39
PID 2516 wrote to memory of 2632	2516	Unicorn-58956.exe	40
PID 2516 wrote to memory of 2632	2516	Unicorn-58956.exe	40
PID 2516 wrote to memory of 2632	2516	Unicorn-58956.exe	40
PID 2516 wrote to memory of 2632	2516	Unicorn-58956.exe	40
PID 2540 wrote to memory of 2432	2540	Unicorn-45350.exe	38
PID 2540 wrote to memory of 2432	2540	Unicorn-45350.exe	38
PID 2540 wrote to memory of 2432	2540	Unicorn-45350.exe	38
PID 2540 wrote to memory of 2432	2540	Unicorn-45350.exe	38
PID 2944 wrote to memory of 1944	2944	Unicorn-62485.exe	41
PID 2944 wrote to memory of 1944	2944	Unicorn-62485.exe	41
PID 2944 wrote to memory of 1944	2944	Unicorn-62485.exe	41
PID 2944 wrote to memory of 1944	2944	Unicorn-62485.exe	41
PID 2516 wrote to memory of 1960	2516	Unicorn-58956.exe	42
PID 2516 wrote to memory of 1960	2516	Unicorn-58956.exe	42
PID 2516 wrote to memory of 1960	2516	Unicorn-58956.exe	42
PID 2516 wrote to memory of 1960	2516	Unicorn-58956.exe	42
PID 280 wrote to memory of 2144	280	Unicorn-43399.exe	43
PID 280 wrote to memory of 2144	280	Unicorn-43399.exe	43
PID 280 wrote to memory of 2144	280	Unicorn-43399.exe	43
PID 280 wrote to memory of 2144	280	Unicorn-43399.exe	43

C:\Users\Admin\AppData\Local\Temp\2e774ca9b4585f057242fb70bcec8be0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2e774ca9b4585f057242fb70bcec8be0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39055.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39055.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62485.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62485.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10565.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43399.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20213.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51689.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42748.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56308.exe
        10⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43434.exe
        11⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47516.exe
        12⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14470.exe
        13⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28211.exe
        14⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28298.exe
        15⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 216
        14⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 216
        13⤵
        
        PID:7808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 216
        12⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 216
        11⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 236
        10⤵
        Program crash
        
        PID:3276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 236
        9⤵
        Program crash
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53521.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52821.exe
        9⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50808.exe
        10⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10313.exe
        11⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63954.exe
        12⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60167.exe
        13⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 216
        13⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 216
        12⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
        11⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
        10⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 236
        9⤵
        
        PID:3988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
        8⤵
        Program crash
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39218.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44077.exe
        9⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12603.exe
        10⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19940.exe
        11⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
        12⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57930.exe
        13⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12153.exe
        14⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 216
        13⤵
        
        PID:8664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
        12⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
        11⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
        10⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 216
        9⤵
        Program crash
        
        PID:3256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 236
        8⤵
        Program crash
        
        PID:936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
        7⤵
        Program crash
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47968.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51492.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24186.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26205.exe
        9⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64539.exe
        10⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 216
        10⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 236
        9⤵
        
        PID:3116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 236
        8⤵
        Program crash
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20656.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33849.exe
        8⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47988.exe
        9⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10915.exe
        10⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30769.exe
        11⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15734.exe
        12⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 236
        12⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 216
        11⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
        10⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 236
        9⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 216
        8⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 240
        7⤵
        Program crash
        
        PID:3820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 280 -s 240
        6⤵
        Program crash
        
        PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24851.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44590.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58353.exe
        9⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29981.exe
        10⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38181.exe
        11⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2429.exe
        12⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62952.exe
        13⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
        13⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 216
        12⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 236
        11⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
        10⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 236
        9⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 236
        8⤵
        Program crash
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52618.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35525.exe
        8⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51005.exe
        9⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9451.exe
        10⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42979.exe
        11⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47204.exe
        12⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 236
        12⤵
        
        PID:9048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 236
        11⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
        10⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
        9⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 236
        8⤵
        Program crash
        
        PID:3608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 240
        7⤵
        Program crash
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55555.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47258.exe
        8⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19293.exe
        9⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13810.exe
        10⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
        11⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47292.exe
        12⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45599.exe
        13⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 236
        12⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 236
        11⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 236
        10⤵
        
        PID:6092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 236
        9⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 236
        8⤵
        Program crash
        
        PID:3508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 236
        7⤵
        Program crash
        
        PID:2388
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 240
        6⤵
        Program crash
        
        PID:1868
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48038.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12044.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50921.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16381.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17528.exe
        8⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29796.exe
        9⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49931.exe
        10⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
        11⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5726.exe
        12⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42554.exe
        13⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57955.exe
        14⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 216
        13⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 216
        12⤵
        
        PID:7796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        11⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 216
        10⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 236
        9⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50003.exe
        8⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27788.exe
        9⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21097.exe
        10⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11058.exe
        11⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
        12⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1188.exe
        13⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 236
        12⤵
        
        PID:3780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
        11⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
        10⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 236
        9⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
        8⤵
        Program crash
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
        7⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16247.exe
        8⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22768.exe
        9⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62161.exe
        10⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9689.exe
        11⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15412.exe
        12⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 216
        11⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 216
        10⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 236
        9⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 216
        8⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 240
        7⤵
        Program crash
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4683.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25696.exe
        7⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36153.exe
        8⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47775.exe
        9⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58772.exe
        10⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
        11⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1597.exe
        12⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 216
        12⤵
        
        PID:5828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 236
        11⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 236
        10⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
        9⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 236
        8⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 236
        7⤵
        Program crash
        
        PID:3868
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 240
        6⤵
        Program crash
        
        PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64797.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40693.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41456.exe
        7⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
        8⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13794.exe
        9⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1813.exe
        10⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42621.exe
        11⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2697.exe
        12⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 216
        12⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 236
        11⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 236
        10⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
        9⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 216
        8⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 236
        7⤵
        Program crash
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37926.exe
        6⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12172.exe
        7⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25562.exe
        8⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29509.exe
        9⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47068.exe
        10⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29358.exe
        11⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9525.exe
        12⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 216
        11⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
        10⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
        9⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
        8⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 236
        7⤵
        Program crash
        
        PID:3628
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 220
        6⤵
        Program crash
        
        PID:2168
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
        5⤵
        Program crash
        
        PID:3064
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25676.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25676.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18511.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20021.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22114.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64315.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 188
        8⤵
        Program crash
        
        PID:1652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 236
        7⤵
        Program crash
        
        PID:3932
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 216
        6⤵
        Program crash
        
        PID:1768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56437.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57413.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58368.exe
        7⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13132.exe
        8⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17944.exe
        9⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56883.exe
        10⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53757.exe
        11⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39918.exe
        12⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42857.exe
        13⤵
        
        PID:2496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 216
        12⤵
        
        PID:8532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 236
        11⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
        10⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
        9⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 236
        8⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 236
        7⤵
        Program crash
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59992.exe
        6⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21628.exe
        7⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51672.exe
        8⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50609.exe
        9⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9206.exe
        10⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40025.exe
        11⤵
        
        PID:9032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 236
        11⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 236
        10⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 236
        9⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 216
        8⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
        7⤵
        
        PID:3684
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
        6⤵
        Program crash
        
        PID:1068
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
        5⤵
        Program crash
        
        PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16491.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51881.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58508.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13194.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21410.exe
        8⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23022.exe
        9⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29457.exe
        10⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38041.exe
        11⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58698.exe
        12⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3985.exe
        13⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 216
        12⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 236
        11⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 216
        10⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
        9⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 216
        8⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 236
        7⤵
        Program crash
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44642.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13324.exe
        7⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60242.exe
        8⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23344.exe
        9⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7423.exe
        10⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
        11⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62044.exe
        12⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 216
        11⤵
        
        PID:9144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 236
        10⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 236
        9⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
        8⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 236
        7⤵
        Program crash
        
        PID:3612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 240
        6⤵
        Program crash
        
        PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13946.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6946.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3812.exe
        7⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19672.exe
        8⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33182.exe
        9⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4909.exe
        10⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42059.exe
        11⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7552 -s 236
        11⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 236
        10⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 216
        9⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
        8⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 216
        7⤵
        
        PID:3524
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 236
        6⤵
        Program crash
        
        PID:240
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
        5⤵
        Program crash
        
        PID:1288
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1988
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2836
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58956.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58956.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45350.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2174.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20405.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35462.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52836.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30875.exe
        8⤵
        Executes dropped EXE
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54684.exe
        9⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20388.exe
        10⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11968.exe
        11⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39712.exe
        12⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6451.exe
        13⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22356.exe
        14⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 216
        13⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 216
        12⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 236
        11⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 236
        10⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 236
        9⤵
        Program crash
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
        8⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25754.exe
        9⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50583.exe
        10⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9701.exe
        11⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30603.exe
        12⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35890.exe
        13⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 236
        12⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
        11⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
        10⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 236
        9⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 240
        8⤵
        Program crash
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60018.exe
        7⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21436.exe
        8⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
        9⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37044.exe
        10⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48028.exe
        11⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20593.exe
        12⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42797.exe
        13⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 216
        12⤵
        
        PID:9156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
        11⤵
        
        PID:8012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
        10⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 216
        9⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 236
        8⤵
        Program crash
        
        PID:3336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 820 -s 240
        7⤵
        Program crash
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61668.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34440.exe
        7⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23355.exe
        8⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29125.exe
        9⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55620.exe
        10⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13384.exe
        11⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30056.exe
        12⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8672 -s 216
        12⤵
        
        PID:9052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 216
        11⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 216
        10⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
        9⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 216
        8⤵
        
        PID:4668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 236
        7⤵
        Program crash
        
        PID:3992
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
        6⤵
        Program crash
        
        PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40100.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48861.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39427.exe
        7⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61181.exe
        8⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32962.exe
        9⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 220
        10⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
        9⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 236
        8⤵
        Program crash
        
        PID:3836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 236
        7⤵
        Program crash
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6214.exe
        6⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21244.exe
        7⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59116.exe
        8⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39467.exe
        9⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32120.exe
        10⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7468.exe
        11⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16565.exe
        12⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 216
        11⤵
        
        PID:8276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
        10⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 236
        9⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 216
        8⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 236
        7⤵
        Program crash
        
        PID:3188
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
        6⤵
        Program crash
        
        PID:2008
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
        5⤵
        Program crash
        
        PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7638.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35462.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16381.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-615.exe
        7⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26205.exe
        8⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53444.exe
        9⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
        10⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12960.exe
        11⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54173.exe
        12⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27556.exe
        13⤵
        
        PID:6188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 216
        12⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
        11⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 236
        10⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 236
        9⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 236
        8⤵
        Program crash
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58555.exe
        7⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27814.exe
        8⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5087.exe
        9⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47688.exe
        10⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54173.exe
        11⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27556.exe
        12⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 216
        11⤵
        
        PID:9180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
        10⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
        9⤵
        
        PID:5276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
        8⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
        7⤵
        Program crash
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5254.exe
        6⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32266.exe
        7⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65014.exe
        8⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44112.exe
        9⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10664.exe
        10⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        11⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 236
        11⤵
        
        PID:1352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 216
        10⤵
        
        PID:7560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
        9⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 236
        8⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 236
        7⤵
        
        PID:4384
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 240
        6⤵
        Program crash
        
        PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4683.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55161.exe
        6⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37196.exe
        7⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58981.exe
        8⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61195.exe
        9⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28145.exe
        10⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7769.exe
        11⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42797.exe
        12⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 216
        11⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 236
        10⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 236
        9⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
        8⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 236
        7⤵
        Program crash
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46988.exe
        6⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64539.exe
        7⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
        7⤵
        
        PID:5128
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
        6⤵
        
        PID:3172
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 220
        5⤵
        Program crash
        
        PID:2216
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6813.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6813.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45101.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50729.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49245.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58176.exe
        7⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47948.exe
        8⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11451.exe
        9⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53380.exe
        10⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29829.exe
        11⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33743.exe
        12⤵
        
        PID:8880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 216
        12⤵
        
        PID:8648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 236
        11⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
        10⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 236
        9⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 236
        8⤵
        Program crash
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34434.exe
        7⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34861.exe
        8⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26847.exe
        9⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
        10⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4583.exe
        11⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50939.exe
        12⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 216
        11⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 236
        10⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
        9⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 236
        8⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 240
        7⤵
        Program crash
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-615.exe
        6⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39966.exe
        7⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19383.exe
        8⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33723.exe
        9⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28921.exe
        10⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57819.exe
        11⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 216
        11⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 236
        10⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 216
        9⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
        8⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 216
        7⤵
        
        PID:3200
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
        6⤵
        Program crash
        
        PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53884.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42608.exe
        6⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38156.exe
        7⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15530.exe
        8⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28471.exe
        9⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56105.exe
        10⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58698.exe
        11⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64421.exe
        12⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 216
        11⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 236
        10⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 216
        9⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 660 -s 216
        8⤵
        
        PID:4264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 236
        7⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33666.exe
        6⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43434.exe
        7⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54537.exe
        8⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13292.exe
        9⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26550.exe
        10⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53497.exe
        11⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 236
        11⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 216
        10⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
        9⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
        8⤵
        
        PID:2864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 216
        7⤵
        
        PID:4524
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
        6⤵
        
        PID:3928
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
        5⤵
        Program crash
        
        PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64605.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15805.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14320.exe
        6⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32266.exe
        7⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14954.exe
        8⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36162.exe
        9⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11650.exe
        10⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54220.exe
        11⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7188 -s 216
        11⤵
        
        PID:9124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 236
        10⤵
        
        PID:916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
        9⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
        8⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 216
        7⤵
        
        PID:3924
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 236
        6⤵
        Program crash
        
        PID:3424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        5⤵
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45172.exe
        6⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31675.exe
        7⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60645.exe
        8⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        9⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60167.exe
        10⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 216
        10⤵
        
        PID:4760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 216
        9⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 216
        8⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 216
        7⤵
        
        PID:4292
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 236
        6⤵
        
        PID:3144
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 240
        5⤵
        Program crash
        
        PID:932
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
      4⤵
      Program crash
      PID:2508
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1960
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
  2⤵
  - Program crash
  PID:2624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-25676.exe

Filesize
184KB

MD5
5f41c7c35a3d0037e9c5a59be14bbc36

SHA1
71010025a3209c3077c4c8718a744f42f7e92867

SHA256
620689d10ee28785b00c048487ceff1503edf89a16d3f85e497845193e85534c

SHA512
582e5e0c7ce91ae8a7b7103414a32672d2c36be5e2b402c374ba60d13cd4fff329cd0125c885ceea0bc90fc4b0bf2bcd8ba273a12b1634e8ba64b4de6cb7174c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39966.exe

Filesize
184KB

MD5
5381001e5ca8ad0541e7635013eb865e

SHA1
fd45e2a1994e06710b9f43c757aa0945cf49ba1c

SHA256
21c91c6714577f649942741c3b867c9f99bbe1350e122e01978283bebeffdff0

SHA512
fd38d5ec2da695d17d964fcde54d39f9f951a9647afca019c3a306393d756c03c47265c9de9713c83166339661b874a1e80dfeb99121af8092442ac2803c8d04

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40100.exe

Filesize
184KB

MD5
0219d047f2417ca2a23827595597c7bd

SHA1
c6d6a924f1b7c2a422bb548c6e2d78523c7bad97

SHA256
1157a660806eb2e6429bff4efb9cc5e11ab35d43f21f02806cd4e4da3e6ed4c4

SHA512
048798f6e4d732a256e9bce40d472806ecde19b08afcefbfafe05d4a5ffdd614e8fba144db30c0ef96ec842d74b33311a506eb53eac745c94889e9d62967788c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48038.exe

Filesize
184KB

MD5
0396652a0056e50a2a5631254dff7c8f

SHA1
d6816874221c3ae7797d45b0f69470c8653b1444

SHA256
4916d013f8fe4056186ffcdd4e0270ab36b3c442d15248e82a93fe0854497ceb

SHA512
b2a4ca937386a5a3c1934bda60d656a6596b7703ba0f0f71b3a40389b851078d9158fd29a106f9f0c877e0f9e92e9388da5961bd4c965de59121f556cb8f0ea7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63954.exe

Filesize
184KB

MD5
bc2f98f668d7c15581a107d41ddc8a27

SHA1
fd19f3ad0dd80191276b1ea52a99d84eea3454eb

SHA256
7f72c89314fb9e95a2c4d115cec7094f2e5a8a8e5f89c49c769ffb22fc0fd50f

SHA512
2951a1c5300a5d67521a18416638085fa7f4e989630cb39df1b9ea9879f91d691a4880490ec69628033da5de8e7e026130e82dd6f8638ae6e786c61bfc601bf1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10565.exe

Filesize
184KB

MD5
85371e5026fa19ece2d22627e14af7ac

SHA1
255d7bbfb1e02e7d2dca156f4f5ce7b9ba05bc5b

SHA256
226bf1d703e54c7c409537500c9129d2da69163e35e282980aa5c3abaf34431d

SHA512
e488dddcd2963b8b0fceb2e7b17729dc2434af80fe0945cf7accef86d58b76b483dd0223fe6f1eef4d9e92dd97e1a3f515789165b049d8ad7ad208ba3252aa6a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12044.exe

Filesize
184KB

MD5
5eed56a7b9f234eb1a4f69db3f8764d6

SHA1
25783dbc408c4e6e86c280a2f80ad172fa458afa

SHA256
a1fe4fe956059f70ee52d315203c7f17c91a18d3ca99da692356bee451e9260c

SHA512
3df8238d704c0868ac3bbaf59330cabee732380aa8d8c4d2fcdb38a1c2e2601eb92353d3d4244c8f345fd408b687face120d32cdd7ad8898c897d87987649c33

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18511.exe

Filesize
184KB

MD5
f4ab065bc27e86462df63a08da1f59ac

SHA1
d26231c05b92af260987f9694e51fc40ab703455

SHA256
10c86a3e50921ba44debfcd1bca35d596cb3df1e529bcf173689e4376eb1b0aa

SHA512
0441c44bd10849bdb34b782e40a818cc9eb6ef5e3669e689c5755328f769ce4f1dec88d7c1ed433eecab5bdbe0ce1d409e895bb565bee6715e63eb2a8f186dc7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20213.exe

Filesize
184KB

MD5
ee58c7b503300bc47d299540905d9bc4

SHA1
5d09edd045d9f89362ac900883b8357e3eba6935

SHA256
da008ae22f0dea704a677ac2f1c3bf477908f6ab55b608a923aac2b9f8aef595

SHA512
ee2a7c69f046ae8297903168a742fab5e80d52c51ec829c2ad611dc177582a9aedbdfbf4ba5ecec575f8df0e34ccff8712f8a7382513f85e5701331e5272f275

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2174.exe

Filesize
184KB

MD5
30db8ba3b2b7e1ff3a4e108078968ef9

SHA1
46755991f3e7fafd9a13ecc022b7658e161d0438

SHA256
9e7cddbec3e81ee7a3703448fa20968077e5b6c07e21abd549c024cda824269e

SHA512
ecd0ad39a5e6d254a7d3f91169aa7ef83fd6711b8d572480669d568c27f9ba126605820780ed4bbe3a77a9e6f82efaf2b1ea660178f1061a1cbd7528ded89d2e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24851.exe

Filesize
184KB

MD5
59bc8b78c073f7a6999e94873c8cc485

SHA1
731243fbe5ceffc08f22ae4657e5e9d2fe485ef3

SHA256
7cb6351b5413796b3abd0312c669cb444cc2d6ecc6f89a30ae5d65933e997b20

SHA512
98116ffa523e5417e83fd3f5a96843dea6b5ab65093e041389eab7dee7da5151afc9806f9a7fa7fb2e6e819720a61818d48dce71c2e6120d443493714489b335

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39055.exe

Filesize
184KB

MD5
fa9abbe5d728bcf30bcdfef159dd6c74

SHA1
19294f1868feb9cb68fa62fa73a70eb1a8fcb755

SHA256
0ddc610f8cd02b885bac0e8f63ac33949e4c6c362798e08c985324e831d10b70

SHA512
b072d1fbc438816476dd057fdcc132b6c842a97ed5da18c3d643aba741eeb247f1ae292286f1e15be84057097a383224c3b5ad0c7db73c8f46b6b70b6eac00d0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43399.exe

Filesize
184KB

MD5
d8f52ec85735d4c76f4ee25f4d8ee6ea

SHA1
9775342f7dd4344d1d2bf15ea9dcf5a9310a2172

SHA256
3f09664262dcbf0ad7e41c4122bb912923ebc9e97162d346cbc76316ccdd18d6

SHA512
a6b36477c26547bd9c863af1346c62c95fd09f1e451e88083eb1b995d1c9145c1729ce6d34417f107454768679a016718ddb251adfcf39003b667da2a3232a73

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45350.exe

Filesize
184KB

MD5
228caa20e537a12f81dabdb7a55a8d36

SHA1
22ac94e3fecfc777405357f5ceb94efa342aa6a3

SHA256
4ee70dae77d1ed2598f7aa8c79bbcd1946659f0a064d92ee7450b703cda6c2b5

SHA512
1e2bd1418928193ecc61a9a1c9cdc742415ffe07d42a0aadc95887429ddc9ce7389de04a82667bf822106edd4d92d0775459263570a6db4e4156af4da9985fff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58956.exe

Filesize
184KB

MD5
cc77747795ddba52f17453adaef44141

SHA1
4cf6944b1f36c3e176ededeb9250f8af5ccaf526

SHA256
3c1ecdd7ddcfa5f206651640a95dd5e7d6869592caf0f76ec9471b25aa8301ad

SHA512
e679b5afdfc85a37891bbd143858222861e9c3870152ce68d9f7f2b930a87d90ce7f1e25c556bbc3adca7a8e57e94da52a8ff3d0dbf49811946cebd689d39393

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62485.exe

Filesize
184KB

MD5
c921dea8e085a432d2d2ee01e3fff002

SHA1
f9e164fb6baad8d36f4683461f043d6725d45056

SHA256
bd831e11c186cf6e58ca58bc434887e7735b47a71b6501c95865ff85cd61d3ee

SHA512
c4eaef9bed710edea07089924aef365280d849dc8f618960291481a75241328da01f7e0d0932591b4a0ec07b8b11fe527ce5426419d27b1f546fd1ebc6e0e27b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6813.exe

Filesize
184KB

MD5
507e095437f6ffbe8abaa56c497d2d25

SHA1
fceacdfc453c62c15ccf4b03efc284929ae62c95

SHA256
9cb092f6dd4b188a16093d57112da2e2f69680092a491707eea80e13d0fd6fed

SHA512
c5599df46d24a6e4b0b5d3f02ef34a5f364d42e0cb5e98a85d4f1935034246e24257d3f9dbab72e9554828d2c172c7a7bbab3733f1e0dfc9e0f1a3b1cf96d0ae

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads