b162af40055192571c8564944ad00d03fade27565c4ff4108d6e61f830a76679

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25-05-2024 00:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b7efd3a43359a7a3cc3dc51be5d0cd0_NeikiAnalytics.exe
Size

184KB
MD5

6b7efd3a43359a7a3cc3dc51be5d0cd0
SHA1

463f0b75bbcccc94e636a7f1e3ed76b120249082
SHA256

b162af40055192571c8564944ad00d03fade27565c4ff4108d6e61f830a76679
SHA512

419fa90252c6b6064ed58fcc8dff82d8f111e43e3b045b320a5543024b0539b046cbbe72724cc204ceacb8ff8add431227acd154cf31cf479f341122b8d2f044
SSDEEP

3072:wJa35xoThUOTjG4WepwM+tsIhlnViF4n3:wJ+o3HG4AM6sIhlnViF4

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1396	Unicorn-16982.exe
3056	Unicorn-9776.exe
2400	Unicorn-55448.exe
2924	Unicorn-15920.exe
2548	Unicorn-31501.exe
2568	Unicorn-51367.exe
1760	Unicorn-34559.exe
2876	Unicorn-14693.exe
2560	Unicorn-17706.exe
2000	Unicorn-48759.exe
2608	Unicorn-3087.exe
1692	Unicorn-39645.exe
2064	Unicorn-23971.exe
2052	Unicorn-23753.exe
2756	Unicorn-34924.exe
2948	Unicorn-34924.exe
2316	Unicorn-56740.exe
532	Unicorn-27945.exe
776	Unicorn-16992.exe
1840	Unicorn-64.exe
2244	Unicorn-19930.exe
268	Unicorn-51163.exe
1888	Unicorn-18911.exe
1368	Unicorn-18911.exe
1856	Unicorn-63991.exe
1868	Unicorn-64700.exe
564	Unicorn-51898.exe
316	Unicorn-22911.exe
1200	Unicorn-12568.exe
2200	Unicorn-35222.exe
1508	Unicorn-3547.exe
1744	Unicorn-19929.exe
2712	Unicorn-48313.exe
2720	Unicorn-60783.exe
2680	Unicorn-25971.exe
2636	Unicorn-6105.exe
2772	Unicorn-1153.exe
916	Unicorn-57804.exe
2552	Unicorn-12132.exe
2836	Unicorn-24105.exe
3004	Unicorn-31377.exe
3036	Unicorn-36817.exe
2008	Unicorn-41803.exe
2016	Unicorn-43468.exe
304	Unicorn-27496.exe
1152	Unicorn-19602.exe
2880	Unicorn-18475.exe
1688	Unicorn-10581.exe
1768	Unicorn-9035.exe
2420	Unicorn-13486.exe
1824	Unicorn-22197.exe
1860	Unicorn-11729.exe
932	Unicorn-63660.exe
2496	Unicorn-46722.exe
2080	Unicorn-56053.exe
1044	Unicorn-19911.exe
856	Unicorn-39777.exe
1572	Unicorn-24632.exe
2060	Unicorn-7284.exe
2916	Unicorn-61593.exe
2556	Unicorn-15247.exe
2684	Unicorn-21316.exe
2780	Unicorn-37206.exe
2364	Unicorn-37206.exe

Loads dropped DLL 64 IoCs

pid	Process
2604	6b7efd3a43359a7a3cc3dc51be5d0cd0_NeikiAnalytics.exe
2604	6b7efd3a43359a7a3cc3dc51be5d0cd0_NeikiAnalytics.exe
1396	Unicorn-16982.exe
1396	Unicorn-16982.exe
2604	6b7efd3a43359a7a3cc3dc51be5d0cd0_NeikiAnalytics.exe
2604	6b7efd3a43359a7a3cc3dc51be5d0cd0_NeikiAnalytics.exe
2400	Unicorn-55448.exe
2400	Unicorn-55448.exe
1396	Unicorn-16982.exe
1396	Unicorn-16982.exe
3056	Unicorn-9776.exe
3056	Unicorn-9776.exe
3016	WerFault.exe
3016	WerFault.exe
3016	WerFault.exe
3016	WerFault.exe
3016	WerFault.exe
2924	Unicorn-15920.exe
2924	Unicorn-15920.exe
2400	Unicorn-55448.exe
2400	Unicorn-55448.exe
2568	Unicorn-51367.exe
2568	Unicorn-51367.exe
3056	Unicorn-9776.exe
3056	Unicorn-9776.exe
2548	Unicorn-31501.exe
2548	Unicorn-31501.exe
1444	WerFault.exe
1444	WerFault.exe
1444	WerFault.exe
1444	WerFault.exe
1444	WerFault.exe
2872	WerFault.exe
2872	WerFault.exe
2872	WerFault.exe
2872	WerFault.exe
2872	WerFault.exe
2872	WerFault.exe
2872	WerFault.exe
1760	Unicorn-34559.exe
1760	Unicorn-34559.exe
2924	Unicorn-15920.exe
2924	Unicorn-15920.exe
2876	Unicorn-14693.exe
2876	Unicorn-14693.exe
2608	Unicorn-3087.exe
2000	Unicorn-48759.exe
2608	Unicorn-3087.exe
2000	Unicorn-48759.exe
2548	Unicorn-31501.exe
2548	Unicorn-31501.exe
2560	Unicorn-17706.exe
2560	Unicorn-17706.exe
2568	Unicorn-51367.exe
2568	Unicorn-51367.exe
948	WerFault.exe
948	WerFault.exe
948	WerFault.exe
948	WerFault.exe
948	WerFault.exe
1800	WerFault.exe
1800	WerFault.exe
1800	WerFault.exe
1800	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2936	2604	WerFault.exe	27
3016	1396	WerFault.exe	28
1444	2400	WerFault.exe	30
2872	3056	WerFault.exe	29
948	2924	WerFault.exe	32
1800	2568	WerFault.exe	34
2348	2548	WerFault.exe	33
1600	1760	WerFault.exe	36
2980	2876	WerFault.exe	37
544	2608	WerFault.exe	40
2444	2000	WerFault.exe	39
1884	2560	WerFault.exe	38
2072	1692	WerFault.exe	43
2952	2064	WerFault.exe	44
380	2756	WerFault.exe	47
600	2948	WerFault.exe	46
572	2052	WerFault.exe	45
1096	776	WerFault.exe	50
1300	532	WerFault.exe	49
1084	2316	WerFault.exe	48
1556	1840	WerFault.exe	54
1864	2244	WerFault.exe	55
2252	268	WerFault.exe	56
2380	1888	WerFault.exe	57
1384	1868	WerFault.exe	60
2412	1368	WerFault.exe	58
2624	1856	WerFault.exe	59
2736	2200	WerFault.exe	64
2768	316	WerFault.exe	62
2692	1508	WerFault.exe	65
2728	1200	WerFault.exe	63
1324	564	WerFault.exe	61
2764	1744	WerFault.exe	69
1672	2720	WerFault.exe	73
1000	2680	WerFault.exe	74
1120	2712	WerFault.exe	72
1356	2636	WerFault.exe	75
3156	916	WerFault.exe	77
3216	2552	WerFault.exe	78
3288	1152	WerFault.exe	85
3280	304	WerFault.exe	84
3272	3004	WerFault.exe	80
3324	2008	WerFault.exe	82
3404	2836	WerFault.exe	79
3492	1768	WerFault.exe	88
3964	3036	WerFault.exe	81
4064	2880	WerFault.exe	86
3164	2016	WerFault.exe	83
3096	2420	WerFault.exe	95
3448	2496	WerFault.exe	101
3516	2780	WerFault.exe	113
3640	2884	WerFault.exe	115
3740	1824	WerFault.exe	98
3972	2572	WerFault.exe	112
3952	2688	WerFault.exe	110
4060	932	WerFault.exe	100
3140	2060	WerFault.exe	106
3584	856	WerFault.exe	104
3716	2916	WerFault.exe	107
4052	1640	WerFault.exe	138
3188	1708	WerFault.exe	139
3840	2232	WerFault.exe	142
1560	2364	WerFault.exe	111
4136	324	WerFault.exe	143

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2604	6b7efd3a43359a7a3cc3dc51be5d0cd0_NeikiAnalytics.exe
1396	Unicorn-16982.exe
2400	Unicorn-55448.exe
3056	Unicorn-9776.exe
2924	Unicorn-15920.exe
2548	Unicorn-31501.exe
2568	Unicorn-51367.exe
1760	Unicorn-34559.exe
2876	Unicorn-14693.exe
2560	Unicorn-17706.exe
2000	Unicorn-48759.exe
2608	Unicorn-3087.exe
1692	Unicorn-39645.exe
2064	Unicorn-23971.exe
2052	Unicorn-23753.exe
2756	Unicorn-34924.exe
2948	Unicorn-34924.exe
2316	Unicorn-56740.exe
532	Unicorn-27945.exe
776	Unicorn-16992.exe
1840	Unicorn-64.exe
2244	Unicorn-19930.exe
268	Unicorn-51163.exe
1888	Unicorn-18911.exe
1368	Unicorn-18911.exe
1856	Unicorn-63991.exe
1868	Unicorn-64700.exe
564	Unicorn-51898.exe
2200	Unicorn-35222.exe
1200	Unicorn-12568.exe
316	Unicorn-22911.exe
1508	Unicorn-3547.exe
1744	Unicorn-19929.exe
2712	Unicorn-48313.exe
2720	Unicorn-60783.exe
2680	Unicorn-25971.exe
2636	Unicorn-6105.exe
916	Unicorn-57804.exe
2836	Unicorn-24105.exe
2552	Unicorn-12132.exe
3036	Unicorn-36817.exe
3004	Unicorn-31377.exe
2008	Unicorn-41803.exe
2016	Unicorn-43468.exe
304	Unicorn-27496.exe
1152	Unicorn-19602.exe
2880	Unicorn-18475.exe
1688	Unicorn-10581.exe
1768	Unicorn-9035.exe
2420	Unicorn-13486.exe
1824	Unicorn-22197.exe
1860	Unicorn-11729.exe
932	Unicorn-63660.exe
2496	Unicorn-46722.exe
2080	Unicorn-56053.exe
856	Unicorn-39777.exe
1044	Unicorn-19911.exe
1572	Unicorn-24632.exe
2060	Unicorn-7284.exe
2916	Unicorn-61593.exe
2556	Unicorn-15247.exe
2684	Unicorn-21316.exe
2572	Unicorn-37206.exe
2688	Unicorn-37206.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2604 wrote to memory of 1396	2604	6b7efd3a43359a7a3cc3dc51be5d0cd0_NeikiAnalytics.exe	28
PID 2604 wrote to memory of 1396	2604	6b7efd3a43359a7a3cc3dc51be5d0cd0_NeikiAnalytics.exe	28
PID 2604 wrote to memory of 1396	2604	6b7efd3a43359a7a3cc3dc51be5d0cd0_NeikiAnalytics.exe	28
PID 2604 wrote to memory of 1396	2604	6b7efd3a43359a7a3cc3dc51be5d0cd0_NeikiAnalytics.exe	28
PID 1396 wrote to memory of 3056	1396	Unicorn-16982.exe	29
PID 1396 wrote to memory of 3056	1396	Unicorn-16982.exe	29
PID 1396 wrote to memory of 3056	1396	Unicorn-16982.exe	29
PID 1396 wrote to memory of 3056	1396	Unicorn-16982.exe	29
PID 2604 wrote to memory of 2400	2604	6b7efd3a43359a7a3cc3dc51be5d0cd0_NeikiAnalytics.exe	30
PID 2604 wrote to memory of 2400	2604	6b7efd3a43359a7a3cc3dc51be5d0cd0_NeikiAnalytics.exe	30
PID 2604 wrote to memory of 2400	2604	6b7efd3a43359a7a3cc3dc51be5d0cd0_NeikiAnalytics.exe	30
PID 2604 wrote to memory of 2400	2604	6b7efd3a43359a7a3cc3dc51be5d0cd0_NeikiAnalytics.exe	30
PID 2604 wrote to memory of 2936	2604	6b7efd3a43359a7a3cc3dc51be5d0cd0_NeikiAnalytics.exe	31
PID 2604 wrote to memory of 2936	2604	6b7efd3a43359a7a3cc3dc51be5d0cd0_NeikiAnalytics.exe	31
PID 2604 wrote to memory of 2936	2604	6b7efd3a43359a7a3cc3dc51be5d0cd0_NeikiAnalytics.exe	31
PID 2604 wrote to memory of 2936	2604	6b7efd3a43359a7a3cc3dc51be5d0cd0_NeikiAnalytics.exe	31
PID 2400 wrote to memory of 2924	2400	Unicorn-55448.exe	32
PID 2400 wrote to memory of 2924	2400	Unicorn-55448.exe	32
PID 2400 wrote to memory of 2924	2400	Unicorn-55448.exe	32
PID 2400 wrote to memory of 2924	2400	Unicorn-55448.exe	32
PID 1396 wrote to memory of 2548	1396	Unicorn-16982.exe	33
PID 1396 wrote to memory of 2548	1396	Unicorn-16982.exe	33
PID 1396 wrote to memory of 2548	1396	Unicorn-16982.exe	33
PID 1396 wrote to memory of 2548	1396	Unicorn-16982.exe	33
PID 3056 wrote to memory of 2568	3056	Unicorn-9776.exe	34
PID 3056 wrote to memory of 2568	3056	Unicorn-9776.exe	34
PID 3056 wrote to memory of 2568	3056	Unicorn-9776.exe	34
PID 3056 wrote to memory of 2568	3056	Unicorn-9776.exe	34
PID 1396 wrote to memory of 3016	1396	Unicorn-16982.exe	35
PID 1396 wrote to memory of 3016	1396	Unicorn-16982.exe	35
PID 1396 wrote to memory of 3016	1396	Unicorn-16982.exe	35
PID 1396 wrote to memory of 3016	1396	Unicorn-16982.exe	35
PID 2924 wrote to memory of 1760	2924	Unicorn-15920.exe	36
PID 2924 wrote to memory of 1760	2924	Unicorn-15920.exe	36
PID 2924 wrote to memory of 1760	2924	Unicorn-15920.exe	36
PID 2924 wrote to memory of 1760	2924	Unicorn-15920.exe	36
PID 2400 wrote to memory of 2876	2400	Unicorn-55448.exe	37
PID 2400 wrote to memory of 2876	2400	Unicorn-55448.exe	37
PID 2400 wrote to memory of 2876	2400	Unicorn-55448.exe	37
PID 2400 wrote to memory of 2876	2400	Unicorn-55448.exe	37
PID 2568 wrote to memory of 2560	2568	Unicorn-51367.exe	38
PID 2568 wrote to memory of 2560	2568	Unicorn-51367.exe	38
PID 2568 wrote to memory of 2560	2568	Unicorn-51367.exe	38
PID 2568 wrote to memory of 2560	2568	Unicorn-51367.exe	38
PID 3056 wrote to memory of 2000	3056	Unicorn-9776.exe	39
PID 3056 wrote to memory of 2000	3056	Unicorn-9776.exe	39
PID 3056 wrote to memory of 2000	3056	Unicorn-9776.exe	39
PID 3056 wrote to memory of 2000	3056	Unicorn-9776.exe	39
PID 2548 wrote to memory of 2608	2548	Unicorn-31501.exe	40
PID 2548 wrote to memory of 2608	2548	Unicorn-31501.exe	40
PID 2548 wrote to memory of 2608	2548	Unicorn-31501.exe	40
PID 2548 wrote to memory of 2608	2548	Unicorn-31501.exe	40
PID 2400 wrote to memory of 1444	2400	Unicorn-55448.exe	41
PID 2400 wrote to memory of 1444	2400	Unicorn-55448.exe	41
PID 2400 wrote to memory of 1444	2400	Unicorn-55448.exe	41
PID 2400 wrote to memory of 1444	2400	Unicorn-55448.exe	41
PID 3056 wrote to memory of 2872	3056	Unicorn-9776.exe	42
PID 3056 wrote to memory of 2872	3056	Unicorn-9776.exe	42
PID 3056 wrote to memory of 2872	3056	Unicorn-9776.exe	42
PID 3056 wrote to memory of 2872	3056	Unicorn-9776.exe	42
PID 1760 wrote to memory of 1692	1760	Unicorn-34559.exe	43
PID 1760 wrote to memory of 1692	1760	Unicorn-34559.exe	43
PID 1760 wrote to memory of 1692	1760	Unicorn-34559.exe	43
PID 1760 wrote to memory of 1692	1760	Unicorn-34559.exe	43

C:\Users\Admin\AppData\Local\Temp\6b7efd3a43359a7a3cc3dc51be5d0cd0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6b7efd3a43359a7a3cc3dc51be5d0cd0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2604
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9776.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9776.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51367.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17706.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27945.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12568.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61593.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10105.exe
        9⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11792.exe
        10⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20336.exe
        11⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45363.exe
        12⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6430.exe
        13⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
        14⤵
        
        PID:12068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8516 -s 236
        14⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 216
        13⤵
        
        PID:9604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 236
        12⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
        11⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 216
        10⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3098.exe
        9⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33104.exe
        10⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53168.exe
        11⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33108.exe
        12⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16685.exe
        13⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9312 -s 216
        13⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 216
        12⤵
        
        PID:10820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 216
        11⤵
        
        PID:8300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
        10⤵
        
        PID:5708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
        9⤵
        Program crash
        
        PID:3716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 216
        8⤵
        Program crash
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10581.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24377.exe
        8⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exe
        9⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19433.exe
        10⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7009.exe
        11⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64946.exe
        12⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37062.exe
        13⤵
        
        PID:10580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 216
        13⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 216
        12⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
        11⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 236
        10⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44973.exe
        9⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45207.exe
        10⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38186.exe
        11⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28162.exe
        12⤵
        
        PID:11016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 216
        12⤵
        
        PID:11500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 216
        11⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
        10⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
        9⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15352.exe
        8⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45475.exe
        9⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24407.exe
        10⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65454.exe
        11⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33525.exe
        12⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3519.exe
        13⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 216
        12⤵
        
        PID:11436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
        11⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
        10⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 236
        9⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 240
        7⤵
        Program crash
        
        PID:1300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35222.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43468.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35224.exe
        8⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1789.exe
        9⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52201.exe
        10⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31940.exe
        11⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40098.exe
        12⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20081.exe
        13⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35431.exe
        14⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 216
        13⤵
        
        PID:12184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
        12⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 236
        11⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 236
        10⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12204.exe
        9⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62120.exe
        10⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 220
        11⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
        10⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
        9⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17158.exe
        8⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49135.exe
        9⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45668.exe
        10⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56664.exe
        11⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1682.exe
        12⤵
        
        PID:11740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9076 -s 216
        12⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 236
        11⤵
        
        PID:9420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
        10⤵
        
        PID:7640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 216
        9⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
        8⤵
        Program crash
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4511.exe
        7⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
        8⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32070.exe
        9⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58258.exe
        10⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43543.exe
        11⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36470.exe
        12⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43150.exe
        13⤵
        
        PID:11332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10568 -s 236
        13⤵
        
        PID:12588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7200 -s 216
        12⤵
        
        PID:11188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
        11⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
        10⤵
        
        PID:6792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 236
        9⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18930.exe
        8⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15977.exe
        9⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46744.exe
        10⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32791.exe
        11⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6508.exe
        12⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10676 -s 216
        12⤵
        
        PID:12768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 216
        11⤵
        
        PID:10760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 216
        10⤵
        
        PID:8508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        9⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 220
        8⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
        7⤵
        Program crash
        
        PID:2736
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
        6⤵
        Program crash
        
        PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16992.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22911.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27496.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37206.exe
        8⤵
        Executes dropped EXE
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19619.exe
        9⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26409.exe
        10⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4791.exe
        11⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60734.exe
        12⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49347.exe
        13⤵
        
        PID:11788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8812 -s 216
        13⤵
        
        PID:12064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
        12⤵
        
        PID:10236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
        11⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 236
        10⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 216
        9⤵
        Program crash
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14692.exe
        8⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
        9⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe
        10⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37078.exe
        11⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37062.exe
        12⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61252.exe
        13⤵
        
        PID:13244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8088 -s 216
        12⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 216
        11⤵
        
        PID:9228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
        10⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 216
        9⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 220
        8⤵
        Program crash
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14661.exe
        7⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52387.exe
        8⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42599.exe
        9⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 216
        9⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 216
        8⤵
        Program crash
        
        PID:3640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 240
        7⤵
        Program crash
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19602.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30516.exe
        7⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12636.exe
        8⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9043.exe
        9⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42938.exe
        10⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31140.exe
        11⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19111.exe
        12⤵
        
        PID:12112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9508 -s 236
        12⤵
        
        PID:12356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 236
        11⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 236
        10⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 236
        9⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 216
        7⤵
        Program crash
        
        PID:3288
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 240
        6⤵
        Program crash
        
        PID:1096
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48759.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34924.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18911.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1153.exe
        7⤵
        Executes dropped EXE
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24632.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29661.exe
        8⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
        9⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6349.exe
        10⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47894.exe
        11⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64588.exe
        12⤵
        
        PID:11012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 216
        12⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
        11⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
        10⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
        9⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43182.exe
        8⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29790.exe
        9⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38685.exe
        10⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27386.exe
        11⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
        12⤵
        
        PID:11976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9372 -s 216
        12⤵
        
        PID:12308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8000 -s 216
        11⤵
        
        PID:1352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
        10⤵
        
        PID:9016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
        9⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 240
        8⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 240
        7⤵
        Program crash
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57804.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7284.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47066.exe
        8⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5558.exe
        9⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47146.exe
        10⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30222.exe
        11⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 220
        12⤵
        
        PID:10912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
        11⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
        10⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 236
        9⤵
        Program crash
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33539.exe
        8⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37741.exe
        9⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58388.exe
        10⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33662.exe
        11⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28229.exe
        12⤵
        
        PID:6692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9808 -s 236
        12⤵
        
        PID:12808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 216
        11⤵
        
        PID:10528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
        10⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
        9⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
        8⤵
        Program crash
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31753.exe
        7⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48008.exe
        8⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12521.exe
        9⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61411.exe
        10⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27907.exe
        11⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20037.exe
        12⤵
        
        PID:11836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10748 -s 216
        12⤵
        
        PID:12856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 216
        11⤵
        
        PID:11344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
        10⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
        9⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 236
        8⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 240
        7⤵
        Program crash
        
        PID:3156
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 220
        6⤵
        Program crash
        
        PID:600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63991.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36817.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14971.exe
        7⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11831.exe
        8⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32426.exe
        9⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24074.exe
        10⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20694.exe
        11⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20584.exe
        12⤵
        
        PID:10552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 216
        12⤵
        
        PID:11704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
        11⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
        10⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 236
        9⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
        8⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2652.exe
        9⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46441.exe
        10⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59225.exe
        11⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20683.exe
        12⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 216
        11⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
        10⤵
        
        PID:9344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
        9⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
        8⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57995.exe
        7⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11956.exe
        8⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10257.exe
        9⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        10⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34291.exe
        11⤵
        
        PID:11612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8796 -s 236
        11⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 236
        10⤵
        
        PID:9860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
        9⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 216
        8⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
        7⤵
        Program crash
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6928.exe
        6⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52387.exe
        7⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        8⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10763.exe
        9⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33510.exe
        10⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41867.exe
        11⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15097.exe
        12⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7276 -s 236
        11⤵
        
        PID:11400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 216
        10⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
        9⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 236
        8⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19051.exe
        7⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45207.exe
        8⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31157.exe
        9⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32799.exe
        10⤵
        
        PID:11172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 236
        10⤵
        
        PID:12032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
        9⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
        8⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 220
        7⤵
        
        PID:4664
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 240
        6⤵
        Program crash
        
        PID:2624
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
        5⤵
        Program crash
        
        PID:2444
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31501.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31501.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34924.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18911.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24105.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39416.exe
        8⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38366.exe
        9⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61559.exe
        10⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38043.exe
        11⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3764.exe
        12⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1783.exe
        13⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49442.exe
        14⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10164 -s 216
        14⤵
        
        PID:12800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 216
        13⤵
        
        PID:11136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
        12⤵
        
        PID:8572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
        11⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 216
        10⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30330.exe
        9⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54612.exe
        10⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38685.exe
        11⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53019.exe
        12⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65436.exe
        13⤵
        
        PID:12868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 216
        12⤵
        
        PID:11552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 216
        11⤵
        
        PID:8992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
        10⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 240
        9⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26139.exe
        8⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43433.exe
        9⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32523.exe
        10⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43541.exe
        11⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53446.exe
        12⤵
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3155.exe
        13⤵
        
        PID:13180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 216
        12⤵
        
        PID:11696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 216
        11⤵
        
        PID:8836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        10⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 444 -s 236
        9⤵
        
        PID:4264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
        8⤵
        Program crash
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50109.exe
        7⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31879.exe
        8⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53747.exe
        9⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55559.exe
        10⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-869.exe
        11⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25863.exe
        12⤵
        
        PID:10852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 236
        12⤵
        
        PID:11884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 236
        11⤵
        
        PID:9624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
        10⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 236
        9⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
        8⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
        9⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
        10⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60297.exe
        11⤵
        
        PID:11996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8724 -s 236
        11⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 236
        10⤵
        
        PID:9812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
        9⤵
        
        PID:7364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 220
        8⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 240
        7⤵
        Program crash
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41803.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37206.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16516.exe
        8⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58421.exe
        9⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44155.exe
        10⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62975.exe
        11⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65479.exe
        12⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9052 -s 236
        12⤵
        
        PID:11600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
        11⤵
        
        PID:10056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
        10⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 216
        9⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 216
        8⤵
        Program crash
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21947.exe
        7⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42917.exe
        8⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32523.exe
        9⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10140.exe
        10⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53019.exe
        11⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59175.exe
        12⤵
        
        PID:12944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 216
        11⤵
        
        PID:11568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
        10⤵
        
        PID:9132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
        9⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 236
        8⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 220
        7⤵
        Program crash
        
        PID:3324
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
        6⤵
        Program crash
        
        PID:380
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 236
        5⤵
        Program crash
        
        PID:544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56740.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3547.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 240
        6⤵
        Program crash
        
        PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9035.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26794.exe
        6⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
        7⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14383.exe
        8⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51859.exe
        9⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51464.exe
        10⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20911.exe
        11⤵
        
        PID:11004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8408 -s 236
        11⤵
        
        PID:11992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 236
        10⤵
        
        PID:9660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
        9⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 236
        8⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57628.exe
        7⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10257.exe
        8⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61212.exe
        9⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54865.exe
        10⤵
        
        PID:11308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33377.exe
        11⤵
        
        PID:12276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11308 -s 216
        11⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8272 -s 216
        10⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
        9⤵
        
        PID:9560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
        8⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
        7⤵
        
        PID:5780
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 236
        6⤵
        Program crash
        
        PID:3492
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
        5⤵
        Program crash
        
        PID:1084
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
      4⤵
      Program crash
      PID:2348
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:3016
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55448.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55448.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34559.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39645.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19930.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48313.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56053.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43511.exe
        9⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20361.exe
        10⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44375.exe
        11⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        12⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43957.exe
        13⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64379.exe
        14⤵
        
        PID:11364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10092 -s 216
        14⤵
        
        PID:12332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
        13⤵
        
        PID:11112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
        12⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
        11⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 236
        10⤵
        Program crash
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58308.exe
        9⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24461.exe
        10⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35371.exe
        11⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15837.exe
        12⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47810.exe
        13⤵
        
        PID:12216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9588 -s 216
        13⤵
        
        PID:12384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 236
        12⤵
        
        PID:10296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
        11⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
        10⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
        9⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36474.exe
        8⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43724.exe
        9⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17188.exe
        10⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52476.exe
        11⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10720.exe
        12⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6508.exe
        13⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9336 -s 216
        13⤵
        
        PID:12760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 216
        12⤵
        
        PID:11244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
        11⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
        10⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
        8⤵
        Program crash
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19911.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56340.exe
        8⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3231.exe
        9⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59062.exe
        10⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40634.exe
        11⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        12⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53091.exe
        13⤵
        
        PID:11848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9316 -s 216
        13⤵
        
        PID:12300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 216
        12⤵
        
        PID:10256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
        10⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 236
        9⤵
        Program crash
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60074.exe
        8⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25789.exe
        9⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5417.exe
        10⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
        11⤵
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36466.exe
        12⤵
        
        PID:12620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11072 -s 216
        12⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 216
        11⤵
        
        PID:11536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
        10⤵
        
        PID:8980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
        9⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 240
        8⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
        7⤵
        Program crash
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60783.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63660.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53325.exe
        8⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39808.exe
        9⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14930.exe
        10⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50990.exe
        11⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11015.exe
        12⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56655.exe
        13⤵
        
        PID:11324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9788 -s 216
        13⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 236
        12⤵
        
        PID:10520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 216
        11⤵
        
        PID:8260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
        10⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 236
        9⤵
        Program crash
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25539.exe
        8⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11606.exe
        9⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14303.exe
        10⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46556.exe
        11⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15726.exe
        12⤵
        
        PID:11900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10152 -s 216
        12⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 216
        11⤵
        
        PID:10724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 216
        10⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
        9⤵
        
        PID:5532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 220
        8⤵
        Program crash
        
        PID:4060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
        7⤵
        Program crash
        
        PID:1672
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 240
        6⤵
        Program crash
        
        PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19929.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13486.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19810.exe
        8⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47748.exe
        9⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27105.exe
        10⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45822.exe
        11⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17672.exe
        12⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23999.exe
        13⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57777.exe
        14⤵
        
        PID:13028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 216
        13⤵
        
        PID:11592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
        12⤵
        
        PID:8212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
        11⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 236
        10⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18602.exe
        9⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
        10⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19126.exe
        11⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24162.exe
        12⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45556.exe
        13⤵
        
        PID:12656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10932 -s 220
        13⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 216
        12⤵
        
        PID:11452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
        11⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
        10⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
        9⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
        8⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59648.exe
        9⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exe
        10⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59983.exe
        11⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47525.exe
        12⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47424.exe
        13⤵
        
        PID:12552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10984 -s 216
        13⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 216
        12⤵
        
        PID:11480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 216
        11⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 236
        10⤵
        
        PID:6776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 236
        9⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
        8⤵
        Program crash
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25084.exe
        7⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55171.exe
        8⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
        9⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23326.exe
        10⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25554.exe
        11⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42398.exe
        12⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8808 -s 216
        12⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 236
        11⤵
        
        PID:9612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 236
        10⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
        9⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20501.exe
        8⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44923.exe
        9⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27121.exe
        10⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21187.exe
        11⤵
        
        PID:11956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8600 -s 216
        11⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
        10⤵
        
        PID:10200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
        9⤵
        
        PID:7624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
        8⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
        7⤵
        Program crash
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22197.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41539.exe
        7⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23560.exe
        8⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42004.exe
        9⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37662.exe
        10⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22979.exe
        11⤵
        
        PID:11584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10176 -s 216
        11⤵
        
        PID:12348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 216
        10⤵
        
        PID:10548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
        9⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 236
        8⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 236
        7⤵
        Program crash
        
        PID:3740
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 240
        6⤵
        Program crash
        
        PID:1556
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
        5⤵
        Program crash
        
        PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23971.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51163.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25971.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11729.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16172.exe
        8⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11792.exe
        9⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22378.exe
        10⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46744.exe
        11⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19477.exe
        12⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21845.exe
        13⤵
        
        PID:12052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 216
        13⤵
        
        PID:12744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 216
        12⤵
        
        PID:10972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
        11⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 236
        10⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 236
        9⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3098.exe
        8⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33098.exe
        9⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65411.exe
        10⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        11⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58127.exe
        12⤵
        
        PID:12960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 216
        11⤵
        
        PID:11648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 216
        10⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 236
        9⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
        8⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49014.exe
        7⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8644.exe
        8⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe
        9⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45497.exe
        10⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6720.exe
        11⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12130.exe
        12⤵
        
        PID:11728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9504 -s 216
        12⤵
        
        PID:7208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 216
        11⤵
        
        PID:10380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
        10⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 236
        9⤵
        
        PID:5732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 236
        8⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
        7⤵
        Program crash
        
        PID:1000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46722.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13384.exe
        7⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5830.exe
        8⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29771.exe
        9⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14320.exe
        10⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35636.exe
        11⤵
        
        PID:11708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 216
        11⤵
        
        PID:11460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 236
        10⤵
        
        PID:9964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
        9⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
        8⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 236
        7⤵
        Program crash
        
        PID:3448
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 240
        6⤵
        Program crash
        
        PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6105.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39777.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3342.exe
        7⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63539.exe
        8⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5824.exe
        9⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34327.exe
        10⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2147.exe
        11⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
        12⤵
        
        PID:12220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9448 -s 216
        12⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 216
        11⤵
        
        PID:10888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
        10⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
        9⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
        8⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59529.exe
        7⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11698.exe
        8⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42320.exe
        9⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16407.exe
        10⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45505.exe
        11⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 216
        10⤵
        
        PID:10308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 216
        9⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 216
        8⤵
        
        PID:5160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 240
        7⤵
        Program crash
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29074.exe
        6⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64860.exe
        7⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11698.exe
        8⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63027.exe
        9⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20080.exe
        10⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35196.exe
        11⤵
        
        PID:4592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8352 -s 216
        11⤵
        
        PID:12172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 236
        10⤵
        
        PID:10124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 236
        9⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
        8⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 236
        7⤵
        
        PID:4348
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
        6⤵
        Program crash
        
        PID:1356
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
        5⤵
        Program crash
        
        PID:2952
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14693.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14693.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64700.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12132.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15247.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9468.exe
        8⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7516.exe
        9⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19256.exe
        10⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32731.exe
        11⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15535.exe
        12⤵
        
        PID:11260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 236
        12⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
        11⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        10⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 236
        9⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22930.exe
        8⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59333.exe
        9⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25667.exe
        10⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
        11⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64139.exe
        12⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10284 -s 216
        12⤵
        
        PID:13088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 216
        11⤵
        
        PID:10316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
        10⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
        9⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
        8⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14692.exe
        7⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34468.exe
        8⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10957.exe
        9⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38990.exe
        10⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46944.exe
        11⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51164.exe
        12⤵
        
        PID:11840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9200 -s 236
        12⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7232 -s 236
        11⤵
        
        PID:10108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
        10⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
        9⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 236
        8⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
        7⤵
        Program crash
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21316.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60455.exe
        7⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49475.exe
        8⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3016.exe
        9⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18222.exe
        10⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11137.exe
        11⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44981.exe
        12⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10460 -s 216
        12⤵
        
        PID:12416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6288 -s 216
        11⤵
        
        PID:10896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
        10⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
        9⤵
        
        PID:6540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
        8⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8925.exe
        7⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7692.exe
        8⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20898.exe
        9⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23614.exe
        10⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40302.exe
        11⤵
        
        PID:12088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10212 -s 236
        11⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
        10⤵
        
        PID:10784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 236
        9⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
        8⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
        7⤵
        
        PID:4536
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
        6⤵
        Program crash
        
        PID:1384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31377.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37206.exe
        6⤵
        Executes dropped EXE
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51529.exe
        7⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36599.exe
        8⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41280.exe
        9⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55387.exe
        10⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22781.exe
        11⤵
        
        PID:12196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8828 -s 216
        11⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 236
        10⤵
        
        PID:9896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 236
        9⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
        8⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 216
        7⤵
        Program crash
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55461.exe
        6⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61989.exe
        7⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44607.exe
        8⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7764.exe
        9⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1783.exe
        10⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55846.exe
        11⤵
        
        PID:12020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10208 -s 216
        11⤵
        
        PID:12492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 216
        10⤵
        
        PID:11160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 236
        9⤵
        
        PID:8592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
        8⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 236
        7⤵
        
        PID:4648
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 220
        6⤵
        Program crash
        
        PID:3272
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
        5⤵
        Program crash
        
        PID:572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51898.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18475.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37206.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 220
        7⤵
        Program crash
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21947.exe
        6⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52594.exe
        7⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19029.exe
        8⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37459.exe
        9⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34144.exe
        10⤵
        
        PID:12244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9428 -s 236
        10⤵
        
        PID:11512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 216
        9⤵
        
        PID:10172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 216
        8⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 216
        7⤵
        
        PID:5408
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 220
        6⤵
        Program crash
        
        PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4511.exe
        5⤵
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51529.exe
        6⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9097.exe
        7⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14397.exe
        8⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56366.exe
        9⤵
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6771.exe
        10⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10336 -s 236
        10⤵
        
        PID:13268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 216
        9⤵
        
        PID:10348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
        8⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
        7⤵
        
        PID:6152
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 216
        6⤵
        
        PID:4144
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 240
        5⤵
        Program crash
        
        PID:1324
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
      4⤵
      Program crash
      PID:2980
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1444
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
  2⤵
  - Program crash
  PID:2936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14693.exe

Filesize
184KB

MD5
48b0914af8af690ffb8bd7af2e8ce9e2

SHA1
d18c08bd0a09ceee3b1e12170982419e5892bd81

SHA256
07babe0c81a5c883a0f0e53d66e72cb1d05b7bdc16c652854201d851594504c1

SHA512
1d8ef2d773f6a7d95151e5617bc916f5f1a87fe920c98fa7a193592dce2db0d8352af226cbd6fa6f0f6a10bde36ca6a5506a9779252de75393b40654b1499423

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14930.exe

Filesize
184KB

MD5
acfda38534dd9c4f06ac533edb8a0fa7

SHA1
f24aa937b1bd120b8cba8d525053012c71f39f39

SHA256
a74b520517bc1b722ba2f25c30801eb58441d089ec4d43558ee732ba18e13a18

SHA512
15660e553f0de26e02b72b197b0a71b13e9f2da9c92acf424ffc2e88842775e635da4039468c96340d687f6d74318600b07c781b3f14dfa84c3b53a82bce5f8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17706.exe

Filesize
184KB

MD5
1789679ded75c30564ebf8f1c6887b7a

SHA1
c9d6180932faaad0fc27f1a0c57f5a54f62726a5

SHA256
b84b7f4d2a031fc925239e9d24db08a5057a6b489a9d99f79c389884dd98e154

SHA512
7a92279246fd99a77b70f4756d0f61202bb117af777a9d0e1a33544ef9b787a7df96b723d415cdd269cc1c92129c136a74f3f06693063bb25a11ce897d787a79

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23971.exe

Filesize
184KB

MD5
e26b8259db570f034a99ff4941e07d95

SHA1
922dfac960265c9fde3c493ff4d36d0edfedc9bc

SHA256
08af90618ea01a5656aea7446a568876ff1c99e693b6f3cdfee27b2e1f717702

SHA512
5e5b0a5fc98a9554ec035c33684647d7b8a06193e0ba1e00b97162add1bb27a3543d44534069289de5e2d9074ad66935522369ec673a8740013b7926cbe6a79b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29790.exe

Filesize
184KB

MD5
3c77cc984b55c715b8dc91402680cc69

SHA1
3e129833a0fe33fa2996c826fc97bd5f2a25505d

SHA256
8b9b24982c70c334e34bf496e5059bb39e7bfd1381d6a54159d58bec19b8f00f

SHA512
b0d8385f359a017bbe830c08742e672b98f233adfc7d7be971002d408ca79658ab46612633aec4d11a3e6b95682aba823b138bc4b4b99889069d1dca3e7dda1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37459.exe

Filesize
184KB

MD5
d1b334c0e89a77f50f3aa5e35c12b39f

SHA1
90a8e0432cc6cdf402412f546f88c5e44553a72b

SHA256
6b235fe30ad888259d97c474e2382d9c1fff3a993cffd655e396c8686266c479

SHA512
4e0c805f17d8495d4af681a06f3eb0c7c8953d8d0a59e6462c70aac1b3d874cc33bafdf811198aa83d3e746b1d8b5654a2e9931796cd149d6f6525d91fb90469

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38043.exe

Filesize
184KB

MD5
0452b4bc27d40f7a8e6543ef1576ce8c

SHA1
19339801132e312e56456d54b8d7d866c9ea00af

SHA256
b0c0bcdbadf2b57fb6623b0b859654b6c001522865ee87e0c4c9a7a50cb12e12

SHA512
3e158a91d6f1a6ceadb7f3e1bef2b9bd3655efa76d9fb20c0e52117268ecba1bd80e98d2dcda81f5d72773e5ce300e15e71712a35b95e4aeb9f15999883d0abb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44923.exe

Filesize
184KB

MD5
a4185a865df8674c0fe9fadeb9238d7e

SHA1
c8f906d63fccd858a9b7f62d9ecf203661b298a6

SHA256
4bac525c76bcbf5d549111a96d13ed7c64d92e266aba4df235386785956fe813

SHA512
7042865f2a4d82a92f3eeb950ca83107785ecd5fc0596ccb97fcd5bca0bc99fe53db535fa8af25134dad4e761f185a1d6d7d2b8addf7a20234bd9af68ebd0c66

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55448.exe

Filesize
184KB

MD5
6a3656e13c679a3327b486349fb9945d

SHA1
dff0745411043e7b9ed0a2d9fee8b54696004c16

SHA256
bc81d11a3e10b0cac5796a449a364750058e6e7ac5772f83dc41b8773d925e1a

SHA512
f57cf1bdbf5dc3a56e3397b6543c4b6db54fcb9f173de080e8a02ee68312900166b7db6eedcb460677f2f5dee4a13b9aa3dbd764e258bf4363b6fd168aa179bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9776.exe

Filesize
184KB

MD5
60aaa7702d31e44b455f21cb19029963

SHA1
bbc2cd4874607e63c05d2d927f9308f4dcb1ba35

SHA256
966d652e4e5ec49d47321dbdd2405424ee2b8be64da4c294f0acf62a613b97ed

SHA512
5edf4822126a26fa6712547701effd4dfa1d5e994122f50effa33e5d08febe09a64403f1c035be609678f74b1cb3fc2e2fcf2ed3646b9f57e5eb09f5e753a9af

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe

Filesize
184KB

MD5
92902bc50ea06acbb79cdd6d257696ed

SHA1
297efb6aa1465f87602fc7c5e1745ba5db2d7935

SHA256
4fef262f4109ab6cd80a6c0bc0fa0aa9ed73276940ab4b146785748adfb1539c

SHA512
3fea567ce7127fa0c51b27bbfd7f542911f86db8c61ae2fd65027194e8bfde8fcc993efd046b8b64959c222a2d42455019409e9ff013a07f916d9ece50af01b6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe

Filesize
184KB

MD5
3eab62b71553327f3af0e915be3ec2a1

SHA1
bc3329e961e3347e247fc2ec3866f446d16c809e

SHA256
0f4d80ef3101b312596b3849dd9f9007e608dba38a7511d5fcd9b2507a6cb674

SHA512
c0e8fbd50449d81118721b222fcbd3e786f56065fb463ccf9513efb8ec0a1cac8542af346be4c3ac9c61fcd2e4f9fe1589093792832f822adcf55d10f97d69e6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe

Filesize
184KB

MD5
9d7d1d5925a73d1f73581f4f993620ca

SHA1
bcd0205490478240eb0c3348a2d98bd7d69f9cf2

SHA256
6531d61c1c9b1ff3b25a4417bbf2ce593c95cc053d05caf4c11629228a469734

SHA512
7da88e8f570b2d16bdce3ca5bbcbf432378dda2f2e8da3d77ba2e8690cd66126b50e1d73cd44129a3275d5e17bebda866c384a2c9d906f7e6dd19011939c3ce1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31501.exe

Filesize
184KB

MD5
62129f9dfbecf85c728d8b7d2f131fde

SHA1
380ad5269c4cd9343a7e2a7a6d8dc2edab3093b1

SHA256
cffef49e682c2845a875cbee5975ec4a6d89ca4f3a758403bdb401273001f214

SHA512
e8cfe9bca134948e4805a775aa5b1510dc3ba5656cbb0bb8ae1b9e67619a99895291160c59be5f679353277b88fbec9c7844623018d373440abe6c0a4f6bd45a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34559.exe

Filesize
184KB

MD5
678aa3e866783d24f6c6d15e53c29915

SHA1
f4ad558474bda3a99a838866e0c9d6711cdc976b

SHA256
6f33cacb7ff7bd534479e2b629667018c8c4cd74ca78104214a6299ff38b7464

SHA512
0a21c23e92cea36555244d1be75fef5727c32ff8ef323e25bb7ae2588a6ac3279085fae1618e316fe40f4ac491a72671b9b2803f3d6d8c1070b4fd51bee7bf62

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39645.exe

Filesize
184KB

MD5
4f80cfdc96854df4b65c725b08d82e9c

SHA1
e76fe74ac221e5f13e7d4a3c2ac18f32942f529f

SHA256
03520d67eb38a9b60a65895be5f83976ef514e0354ce943f199c5c6a857a6f18

SHA512
93f98df23a4e2bbb308f7d44ccd7b7dda927048aea275df8bd4c83d7541de1e0cf7e576cf7951cb492b516a9b4d2ae3c631da11dfff40076c23849974ef9846d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48759.exe

Filesize
184KB

MD5
4000b116b783023fc187524712d2c0be

SHA1
cda86cd9b0cdf50249984313cd4dc2d8b481b3fe

SHA256
54e9a67d37728ed780cd47593ce65576722a871e3a4f25d55661a821f70192e0

SHA512
360543a2667718e02e37e25621471bdaf91f62f09b5a551a6fc85579d28b5009ee0981eb6312b10acb5fbcb5ad15efe1e14153577abed25217153ed36f628e1a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51367.exe

Filesize
184KB

MD5
def62b6c05d7f2719436f934a5db4085

SHA1
ea4de85b5f23d9ee2c64d95c83bdb2994199da7c

SHA256
f5ab3c3e7745842b8b4cdd47ef99c74bbecb6aebef944189a5014ede5e19808d

SHA512
f8f1baaa311d62365cfa6fc01ba720fd6dd5ef1a2e8fa338956cb35155a943c65ade126fe94d576dccab7ce871bd913710f51d19e0302ef4e203850ebe848803

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads