4e148b616abe6987440aa9f16aa7814737d8ba2776728c4e141980c96271bfc0

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 20:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1af128fd8d5d55b42aaf3d5affeab270_NeikiAnalytics.exe
Size

184KB
MD5

1af128fd8d5d55b42aaf3d5affeab270
SHA1

63fea8a5f1a091ec46ae9917803f5ac22dcd27d3
SHA256

4e148b616abe6987440aa9f16aa7814737d8ba2776728c4e141980c96271bfc0
SHA512

4cdc8d8269ce9349e9bc107f2c05640c802d0e876ce0138487eb7584f0a2bfd7dfa5b90e3fe170186e8da1f947f444bec8885021a4201ab5671ff29913b18386
SSDEEP

3072:Trvbpxo67JOTdV4Wewv/+KsjhlnViFEn3:Tr3o3BV4A/9sjhlnViFE

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
320	Unicorn-61365.exe
2712	Unicorn-20572.exe
2564	Unicorn-706.exe
2280	Unicorn-55465.exe
2684	Unicorn-64188.exe
2596	Unicorn-49243.exe
2308	Unicorn-11500.exe
1388	Unicorn-57172.exe
2992	Unicorn-7971.exe
2724	Unicorn-27837.exe
1056	Unicorn-23753.exe
1964	Unicorn-6129.exe
1068	Unicorn-43632.exe
2072	Unicorn-63498.exe
2164	Unicorn-10213.exe
2104	Unicorn-38802.exe
268	Unicorn-18936.exe
336	Unicorn-34718.exe
592	Unicorn-45579.exe
2052	Unicorn-63581.exe
1752	Unicorn-4821.exe
1332	Unicorn-53275.exe
1856	Unicorn-30717.exe
332	Unicorn-57359.exe
2208	Unicorn-55221.exe
908	Unicorn-37493.exe
2336	Unicorn-545.exe
1920	Unicorn-16327.exe
880	Unicorn-47053.exe
3008	Unicorn-27187.exe
2184	Unicorn-12242.exe
1596	Unicorn-53830.exe
2692	Unicorn-11412.exe
2668	Unicorn-18189.exe
2512	Unicorn-29887.exe
2488	Unicorn-38609.exe
2440	Unicorn-58475.exe
2820	Unicorn-9274.exe
2816	Unicorn-54946.exe
2972	Unicorn-17443.exe
1812	Unicorn-17997.exe
2412	Unicorn-29695.exe
876	Unicorn-23473.exe
2380	Unicorn-34333.exe
2740	Unicorn-50115.exe
1940	Unicorn-19088.exe
2096	Unicorn-19088.exe
2044	Unicorn-43269.exe
1716	Unicorn-43269.exe
2080	Unicorn-60997.exe
2276	Unicorn-8781.exe
2884	Unicorn-2237.exe
1572	Unicorn-46306.exe
1028	Unicorn-18272.exe
2228	Unicorn-54474.exe
1192	Unicorn-54474.exe
3052	Unicorn-24302.exe
2212	Unicorn-5273.exe
3040	Unicorn-46861.exe
2176	Unicorn-56420.exe
2628	Unicorn-48252.exe
2432	Unicorn-26248.exe
2452	Unicorn-11303.exe
2444	Unicorn-48807.exe

Loads dropped DLL 64 IoCs

pid	Process
2340	1af128fd8d5d55b42aaf3d5affeab270_NeikiAnalytics.exe
2340	1af128fd8d5d55b42aaf3d5affeab270_NeikiAnalytics.exe
320	Unicorn-61365.exe
320	Unicorn-61365.exe
2340	1af128fd8d5d55b42aaf3d5affeab270_NeikiAnalytics.exe
2340	1af128fd8d5d55b42aaf3d5affeab270_NeikiAnalytics.exe
2712	Unicorn-20572.exe
2712	Unicorn-20572.exe
320	Unicorn-61365.exe
320	Unicorn-61365.exe
2564	Unicorn-706.exe
2564	Unicorn-706.exe
2960	WerFault.exe
2960	WerFault.exe
2960	WerFault.exe
2960	WerFault.exe
2960	WerFault.exe
2712	Unicorn-20572.exe
2280	Unicorn-55465.exe
2712	Unicorn-20572.exe
2280	Unicorn-55465.exe
2564	Unicorn-706.exe
2596	Unicorn-49243.exe
2564	Unicorn-706.exe
2596	Unicorn-49243.exe
2684	Unicorn-64188.exe
2684	Unicorn-64188.exe
1440	WerFault.exe
1440	WerFault.exe
1440	WerFault.exe
1440	WerFault.exe
1700	WerFault.exe
1700	WerFault.exe
1700	WerFault.exe
1700	WerFault.exe
1440	WerFault.exe
1700	WerFault.exe
2308	Unicorn-11500.exe
2308	Unicorn-11500.exe
2280	Unicorn-55465.exe
2280	Unicorn-55465.exe
1388	Unicorn-57172.exe
1388	Unicorn-57172.exe
2724	Unicorn-27837.exe
2724	Unicorn-27837.exe
2992	Unicorn-7971.exe
2992	Unicorn-7971.exe
2596	Unicorn-49243.exe
1056	Unicorn-23753.exe
2596	Unicorn-49243.exe
1056	Unicorn-23753.exe
2684	Unicorn-64188.exe
2684	Unicorn-64188.exe
1988	WerFault.exe
1988	WerFault.exe
1988	WerFault.exe
1988	WerFault.exe
1988	WerFault.exe
1528	WerFault.exe
1528	WerFault.exe
1528	WerFault.exe
1528	WerFault.exe
1528	WerFault.exe
420	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2580	2340	WerFault.exe	27
2960	320	WerFault.exe	28
1440	2712	WerFault.exe	29
1700	2564	WerFault.exe	30
1988	2280	WerFault.exe	32
1528	2596	WerFault.exe	34
420	2684	WerFault.exe	33
1640	2308	WerFault.exe	36
1628	1388	WerFault.exe	37
2840	2724	WerFault.exe	39
2644	2992	WerFault.exe	38
2688	1056	WerFault.exe	40
2292	1964	WerFault.exe	43
2948	1068	WerFault.exe	44
1768	2072	WerFault.exe	45
888	2104	WerFault.exe	47
1248	592	WerFault.exe	50
2220	2164	WerFault.exe	46
692	268	WerFault.exe	48
1980	336	WerFault.exe	49
2400	2380	WerFault.exe	83
1536	2052	WerFault.exe	54
2000	1752	WerFault.exe	55
2792	1332	WerFault.exe	56
2772	1856	WerFault.exe	57
2272	2208	WerFault.exe	60
704	332	WerFault.exe	58
1104	2336	WerFault.exe	61
640	908	WerFault.exe	59
1012	1920	WerFault.exe	62
2128	2184	WerFault.exe	65
1796	3008	WerFault.exe	64
608	1596	WerFault.exe	66
2332	880	WerFault.exe	63
3400	2692	WerFault.exe	71
3488	2512	WerFault.exe	74
3516	2440	WerFault.exe	76
4000	1716	WerFault.exe	88
4048	2668	WerFault.exe	73
3164	1940	WerFault.exe	85
3196	2276	WerFault.exe	90
3376	1812	WerFault.exe	80
3384	876	WerFault.exe	82
3452	2044	WerFault.exe	87
3468	2412	WerFault.exe	81
3504	2884	WerFault.exe	91
3532	2096	WerFault.exe	86
3540	1572	WerFault.exe	94
3572	2820	WerFault.exe	77
3652	2816	WerFault.exe	78
3716	2452	WerFault.exe	110
3812	1560	WerFault.exe	127
3820	2972	WerFault.exe	79
3888	3040	WerFault.exe	106
3920	2212	WerFault.exe	105
4032	2316	WerFault.exe	116
4056	2444	WerFault.exe	111
4084	2432	WerFault.exe	109
3156	1028	WerFault.exe	96
3408	836	WerFault.exe	122
3496	1732	WerFault.exe	130
3596	2352	WerFault.exe	128
3620	3044	WerFault.exe	129
3804	1608	WerFault.exe	126

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2340	1af128fd8d5d55b42aaf3d5affeab270_NeikiAnalytics.exe
320	Unicorn-61365.exe
2712	Unicorn-20572.exe
2564	Unicorn-706.exe
2280	Unicorn-55465.exe
2596	Unicorn-49243.exe
2684	Unicorn-64188.exe
1388	Unicorn-57172.exe
2308	Unicorn-11500.exe
2992	Unicorn-7971.exe
1056	Unicorn-23753.exe
2724	Unicorn-27837.exe
1964	Unicorn-6129.exe
1068	Unicorn-43632.exe
2072	Unicorn-63498.exe
2164	Unicorn-10213.exe
2104	Unicorn-38802.exe
268	Unicorn-18936.exe
336	Unicorn-34718.exe
592	Unicorn-45579.exe
2052	Unicorn-63581.exe
1752	Unicorn-4821.exe
1332	Unicorn-53275.exe
1856	Unicorn-30717.exe
332	Unicorn-57359.exe
2208	Unicorn-55221.exe
908	Unicorn-37493.exe
2336	Unicorn-545.exe
1920	Unicorn-16327.exe
3008	Unicorn-27187.exe
880	Unicorn-47053.exe
1596	Unicorn-53830.exe
2692	Unicorn-11412.exe
2668	Unicorn-18189.exe
2512	Unicorn-29887.exe
2440	Unicorn-58475.exe
2488	Unicorn-38609.exe
2820	Unicorn-9274.exe
2816	Unicorn-54946.exe
2972	Unicorn-17443.exe
1812	Unicorn-17997.exe
2412	Unicorn-29695.exe
2380	Unicorn-34333.exe
876	Unicorn-23473.exe
2740	Unicorn-50115.exe
1716	Unicorn-43269.exe
2096	Unicorn-19088.exe
1940	Unicorn-19088.exe
2044	Unicorn-43269.exe
2080	Unicorn-60997.exe
2276	Unicorn-8781.exe
2884	Unicorn-2237.exe
1572	Unicorn-46306.exe
1028	Unicorn-18272.exe
2228	Unicorn-54474.exe
1192	Unicorn-54474.exe
3052	Unicorn-24302.exe
2212	Unicorn-5273.exe
3040	Unicorn-46861.exe
2176	Unicorn-56420.exe
2628	Unicorn-48252.exe
2432	Unicorn-26248.exe
2452	Unicorn-11303.exe
2444	Unicorn-48807.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 320	2340	1af128fd8d5d55b42aaf3d5affeab270_NeikiAnalytics.exe	28
PID 2340 wrote to memory of 320	2340	1af128fd8d5d55b42aaf3d5affeab270_NeikiAnalytics.exe	28
PID 2340 wrote to memory of 320	2340	1af128fd8d5d55b42aaf3d5affeab270_NeikiAnalytics.exe	28
PID 2340 wrote to memory of 320	2340	1af128fd8d5d55b42aaf3d5affeab270_NeikiAnalytics.exe	28
PID 320 wrote to memory of 2712	320	Unicorn-61365.exe	29
PID 320 wrote to memory of 2712	320	Unicorn-61365.exe	29
PID 320 wrote to memory of 2712	320	Unicorn-61365.exe	29
PID 320 wrote to memory of 2712	320	Unicorn-61365.exe	29
PID 2340 wrote to memory of 2564	2340	1af128fd8d5d55b42aaf3d5affeab270_NeikiAnalytics.exe	30
PID 2340 wrote to memory of 2564	2340	1af128fd8d5d55b42aaf3d5affeab270_NeikiAnalytics.exe	30
PID 2340 wrote to memory of 2564	2340	1af128fd8d5d55b42aaf3d5affeab270_NeikiAnalytics.exe	30
PID 2340 wrote to memory of 2564	2340	1af128fd8d5d55b42aaf3d5affeab270_NeikiAnalytics.exe	30
PID 2340 wrote to memory of 2580	2340	1af128fd8d5d55b42aaf3d5affeab270_NeikiAnalytics.exe	31
PID 2340 wrote to memory of 2580	2340	1af128fd8d5d55b42aaf3d5affeab270_NeikiAnalytics.exe	31
PID 2340 wrote to memory of 2580	2340	1af128fd8d5d55b42aaf3d5affeab270_NeikiAnalytics.exe	31
PID 2340 wrote to memory of 2580	2340	1af128fd8d5d55b42aaf3d5affeab270_NeikiAnalytics.exe	31
PID 2712 wrote to memory of 2280	2712	Unicorn-20572.exe	32
PID 2712 wrote to memory of 2280	2712	Unicorn-20572.exe	32
PID 2712 wrote to memory of 2280	2712	Unicorn-20572.exe	32
PID 2712 wrote to memory of 2280	2712	Unicorn-20572.exe	32
PID 320 wrote to memory of 2684	320	Unicorn-61365.exe	33
PID 320 wrote to memory of 2684	320	Unicorn-61365.exe	33
PID 320 wrote to memory of 2684	320	Unicorn-61365.exe	33
PID 320 wrote to memory of 2684	320	Unicorn-61365.exe	33
PID 2564 wrote to memory of 2596	2564	Unicorn-706.exe	34
PID 2564 wrote to memory of 2596	2564	Unicorn-706.exe	34
PID 2564 wrote to memory of 2596	2564	Unicorn-706.exe	34
PID 2564 wrote to memory of 2596	2564	Unicorn-706.exe	34
PID 320 wrote to memory of 2960	320	Unicorn-61365.exe	35
PID 320 wrote to memory of 2960	320	Unicorn-61365.exe	35
PID 320 wrote to memory of 2960	320	Unicorn-61365.exe	35
PID 320 wrote to memory of 2960	320	Unicorn-61365.exe	35
PID 2712 wrote to memory of 1388	2712	Unicorn-20572.exe	37
PID 2712 wrote to memory of 1388	2712	Unicorn-20572.exe	37
PID 2712 wrote to memory of 1388	2712	Unicorn-20572.exe	37
PID 2712 wrote to memory of 1388	2712	Unicorn-20572.exe	37
PID 2280 wrote to memory of 2308	2280	Unicorn-55465.exe	36
PID 2280 wrote to memory of 2308	2280	Unicorn-55465.exe	36
PID 2280 wrote to memory of 2308	2280	Unicorn-55465.exe	36
PID 2280 wrote to memory of 2308	2280	Unicorn-55465.exe	36
PID 2564 wrote to memory of 2992	2564	Unicorn-706.exe	38
PID 2564 wrote to memory of 2992	2564	Unicorn-706.exe	38
PID 2564 wrote to memory of 2992	2564	Unicorn-706.exe	38
PID 2564 wrote to memory of 2992	2564	Unicorn-706.exe	38
PID 2596 wrote to memory of 2724	2596	Unicorn-49243.exe	39
PID 2596 wrote to memory of 2724	2596	Unicorn-49243.exe	39
PID 2596 wrote to memory of 2724	2596	Unicorn-49243.exe	39
PID 2596 wrote to memory of 2724	2596	Unicorn-49243.exe	39
PID 2684 wrote to memory of 1056	2684	Unicorn-64188.exe	40
PID 2684 wrote to memory of 1056	2684	Unicorn-64188.exe	40
PID 2684 wrote to memory of 1056	2684	Unicorn-64188.exe	40
PID 2684 wrote to memory of 1056	2684	Unicorn-64188.exe	40
PID 2712 wrote to memory of 1440	2712	Unicorn-20572.exe	41
PID 2712 wrote to memory of 1440	2712	Unicorn-20572.exe	41
PID 2712 wrote to memory of 1440	2712	Unicorn-20572.exe	41
PID 2712 wrote to memory of 1440	2712	Unicorn-20572.exe	41
PID 2564 wrote to memory of 1700	2564	Unicorn-706.exe	42
PID 2564 wrote to memory of 1700	2564	Unicorn-706.exe	42
PID 2564 wrote to memory of 1700	2564	Unicorn-706.exe	42
PID 2564 wrote to memory of 1700	2564	Unicorn-706.exe	42
PID 2308 wrote to memory of 1964	2308	Unicorn-11500.exe	43
PID 2308 wrote to memory of 1964	2308	Unicorn-11500.exe	43
PID 2308 wrote to memory of 1964	2308	Unicorn-11500.exe	43
PID 2308 wrote to memory of 1964	2308	Unicorn-11500.exe	43

C:\Users\Admin\AppData\Local\Temp\1af128fd8d5d55b42aaf3d5affeab270_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1af128fd8d5d55b42aaf3d5affeab270_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61365.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61365.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20572.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20572.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55465.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11500.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6129.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63581.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11412.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46306.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56695.exe
        10⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14676.exe
        11⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18050.exe
        12⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13384.exe
        13⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53029.exe
        14⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13543.exe
        15⤵
        
        PID:11180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8880 -s 216
        15⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
        14⤵
        
        PID:9612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 236
        13⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 236
        12⤵
        
        PID:5180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 236
        11⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21453.exe
        10⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48247.exe
        11⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52476.exe
        11⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17381.exe
        12⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9874.exe
        13⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        14⤵
        
        PID:11440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10052 -s 216
        14⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 216
        13⤵
        
        PID:10572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
        12⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 220
        11⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 240
        10⤵
        Program crash
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2019.exe
        9⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20899.exe
        10⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7214.exe
        11⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10644.exe
        12⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13688.exe
        13⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47778.exe
        14⤵
        
        PID:11064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8564 -s 216
        14⤵
        
        PID:11916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 216
        13⤵
        
        PID:9288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 216
        12⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
        11⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 236
        10⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
        9⤵
        Program crash
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18272.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48527.exe
        9⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6508.exe
        10⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21989.exe
        11⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57022.exe
        12⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27394.exe
        13⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56138.exe
        14⤵
        
        PID:10852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8760 -s 216
        14⤵
        
        PID:11812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 216
        13⤵
        
        PID:9488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
        12⤵
        
        PID:7608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
        11⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 236
        10⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48096.exe
        9⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
        10⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10774.exe
        11⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58307.exe
        12⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15677.exe
        13⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10016 -s 216
        13⤵
        
        PID:11660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 216
        12⤵
        
        PID:10532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 216
        11⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
        10⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 240
        9⤵
        Program crash
        
        PID:3156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
        8⤵
        Program crash
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18189.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54474.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35097.exe
        9⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25943.exe
        10⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41122.exe
        11⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48766.exe
        12⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42303.exe
        13⤵
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5593.exe
        14⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10400 -s 216
        14⤵
        
        PID:8284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 216
        13⤵
        
        PID:10980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
        12⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
        11⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 236
        10⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19398.exe
        9⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32954.exe
        10⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30292.exe
        11⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33943.exe
        12⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38266.exe
        13⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10468 -s 220
        13⤵
        
        PID:8012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 216
        12⤵
        
        PID:11044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
        11⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 216
        10⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 240
        9⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4925.exe
        8⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
        9⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62393.exe
        10⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39311.exe
        11⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10445.exe
        12⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8463.exe
        13⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11024 -s 216
        13⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 216
        12⤵
        
        PID:11296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 216
        11⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
        10⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 236
        9⤵
        
        PID:4716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 220
        8⤵
        Program crash
        
        PID:4048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
        7⤵
        Program crash
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4821.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29887.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54474.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32575.exe
        9⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47925.exe
        10⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
        11⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20614.exe
        12⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31945.exe
        13⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7103.exe
        14⤵
        
        PID:10920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8412 -s 216
        14⤵
        
        PID:12188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 216
        13⤵
        
        PID:10160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 236
        12⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
        11⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
        10⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23975.exe
        9⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43561.exe
        10⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35471.exe
        11⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46055.exe
        12⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        13⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9976 -s 216
        13⤵
        
        PID:6852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 216
        12⤵
        
        PID:10452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
        11⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
        10⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 240
        9⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2403.exe
        8⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9030.exe
        9⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32103.exe
        10⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36711.exe
        11⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36823.exe
        12⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50492.exe
        13⤵
        
        PID:11144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8624 -s 216
        13⤵
        
        PID:11952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
        12⤵
        
        PID:9384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
        11⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
        10⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
        9⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
        8⤵
        Program crash
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24302.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3794.exe
        8⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25367.exe
        9⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8366.exe
        10⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50162.exe
        11⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5468.exe
        12⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6693.exe
        13⤵
        
        PID:11648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8488 -s 216
        13⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 216
        12⤵
        
        PID:9992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 216
        11⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
        10⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 236
        9⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1417.exe
        8⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13903.exe
        9⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37609.exe
        10⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42692.exe
        11⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
        12⤵
        
        PID:12080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9776 -s 236
        12⤵
        
        PID:12092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 216
        11⤵
        
        PID:10312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
        10⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
        9⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
        8⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
        7⤵
        Program crash
        
        PID:2000
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
        6⤵
        Program crash
        
        PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43632.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53275.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58475.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34691.exe
        8⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53571.exe
        9⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11298.exe
        10⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56747.exe
        11⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23611.exe
        12⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36657.exe
        13⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30529.exe
        14⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10748 -s 216
        14⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 216
        13⤵
        
        PID:10844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
        12⤵
        
        PID:8580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
        11⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
        10⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 236
        9⤵
        
        PID:3884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 216
        8⤵
        Program crash
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46861.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22653.exe
        8⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30494.exe
        9⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33613.exe
        10⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
        11⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61052.exe
        12⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4270.exe
        13⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10984 -s 216
        13⤵
        
        PID:9180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7668 -s 216
        12⤵
        
        PID:11268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 216
        11⤵
        
        PID:9016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 236
        10⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 236
        9⤵
        
        PID:4504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 236
        8⤵
        Program crash
        
        PID:3888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 240
        7⤵
        Program crash
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38609.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5273.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47157.exe
        8⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9160.exe
        9⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
        10⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2998.exe
        11⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6745.exe
        12⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15100.exe
        13⤵
        
        PID:9196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8332 -s 216
        12⤵
        
        PID:11512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
        11⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
        10⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
        9⤵
        
        PID:5824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 236
        8⤵
        Program crash
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49850.exe
        7⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41039.exe
        8⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29441.exe
        9⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28494.exe
        10⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27929.exe
        11⤵
        
        PID:12176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9704 -s 216
        11⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 236
        10⤵
        
        PID:10280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
        9⤵
        
        PID:7544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 216
        8⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
        7⤵
        
        PID:5108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 240
        6⤵
        Program crash
        
        PID:2948
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57172.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63498.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30717.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9274.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48252.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35734.exe
        9⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50058.exe
        10⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27578.exe
        11⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27913.exe
        12⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54794.exe
        13⤵
        
        PID:12100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10428 -s 216
        13⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 216
        12⤵
        
        PID:11004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 216
        11⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
        10⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 216
        9⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47904.exe
        8⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13436.exe
        9⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3654.exe
        10⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35863.exe
        11⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        12⤵
        
        PID:10836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8200 -s 216
        12⤵
        
        PID:11796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
        11⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 216
        10⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 216
        9⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
        8⤵
        Program crash
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26248.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24599.exe
        8⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50193.exe
        9⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-530.exe
        10⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62889.exe
        11⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45832.exe
        12⤵
        
        PID:11012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8520 -s 216
        12⤵
        
        PID:11820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 220
        11⤵
        
        PID:9256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
        10⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 216
        9⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
        8⤵
        Program crash
        
        PID:4084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 240
        7⤵
        Program crash
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54946.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56420.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61547.exe
        8⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31117.exe
        9⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe
        10⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25313.exe
        11⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35282.exe
        12⤵
        
        PID:11676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8440 -s 216
        12⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6756 -s 236
        11⤵
        
        PID:9924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
        10⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 216
        9⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 236
        8⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2787.exe
        7⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37941.exe
        8⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4614.exe
        9⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7274.exe
        10⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52993.exe
        11⤵
        
        PID:11228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7980 -s 216
        11⤵
        
        PID:11940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
        9⤵
        
        PID:7232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 236
        8⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
        7⤵
        Program crash
        
        PID:3652
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
        6⤵
        Program crash
        
        PID:1768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37493.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50115.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9933.exe
        7⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3446.exe
        8⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46166.exe
        9⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
        10⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25775.exe
        11⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48956.exe
        12⤵
        
        PID:7280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10500 -s 236
        12⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 236
        11⤵
        
        PID:11112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 236
        10⤵
        
        PID:8992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
        9⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 236
        8⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40119.exe
        7⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6612.exe
        8⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29249.exe
        9⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24566.exe
        10⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15677.exe
        11⤵
        
        PID:11844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10100 -s 216
        11⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
        10⤵
        
        PID:10588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
        9⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
        8⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
        7⤵
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26824.exe
        6⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45019.exe
        7⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21797.exe
        8⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14235.exe
        9⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48582.exe
        10⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54083.exe
        11⤵
        
        PID:10896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9148 -s 220
        11⤵
        
        PID:4760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 216
        10⤵
        
        PID:9868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 216
        9⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 236
        8⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 216
        7⤵
        
        PID:3128
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 240
        6⤵
        Program crash
        
        PID:640
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 240
        5⤵
        Program crash
        
        PID:1628
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64188.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64188.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34718.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12242.exe
        6⤵
        Executes dropped EXE
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19088.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32300.exe
        8⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
        9⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26218.exe
        10⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52663.exe
        11⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56859.exe
        12⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39418.exe
        13⤵
        
        PID:10408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 220
        12⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
        11⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 236
        10⤵
        
        PID:5416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 216
        9⤵
        Program crash
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1225.exe
        8⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
        9⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61215.exe
        10⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
        11⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63875.exe
        12⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37519.exe
        13⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 236
        12⤵
        
        PID:11032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
        11⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
        10⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
        9⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 220
        8⤵
        Program crash
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41022.exe
        7⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41127.exe
        8⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61843.exe
        9⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56000.exe
        10⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53408.exe
        11⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53948.exe
        12⤵
        
        PID:11588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8472 -s 236
        12⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
        11⤵
        
        PID:10072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
        10⤵
        
        PID:8080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 216
        9⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 236
        8⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
        7⤵
        Program crash
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43269.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
        7⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43649.exe
        8⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35455.exe
        9⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4230.exe
        10⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22049.exe
        11⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25412.exe
        12⤵
        
        PID:10924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 220
        12⤵
        
        PID:11804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 220
        11⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 236
        10⤵
        
        PID:6780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 236
        9⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 216
        8⤵
        Program crash
        
        PID:3496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 236
        7⤵
        Program crash
        
        PID:4000
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 240
        6⤵
        Program crash
        
        PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53830.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60997.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15964.exe
        7⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49103.exe
        8⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33255.exe
        9⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12912.exe
        10⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14451.exe
        11⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36289.exe
        12⤵
        
        PID:11692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9928 -s 216
        12⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 216
        11⤵
        
        PID:10372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
        10⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 216
        9⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 236
        8⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58594.exe
        7⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32487.exe
        8⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4661.exe
        9⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28245.exe
        10⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26154.exe
        11⤵
        
        PID:11008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8552 -s 216
        11⤵
        
        PID:12244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 236
        10⤵
        
        PID:10220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
        9⤵
        
        PID:7856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 216
        8⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
        7⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51329.exe
        6⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21091.exe
        7⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40608.exe
        8⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54033.exe
        9⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43203.exe
        10⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43118.exe
        11⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23788.exe
        12⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 216
        11⤵
        
        PID:11372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 216
        10⤵
        
        PID:8968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
        9⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 236
        8⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 236
        7⤵
        Program crash
        
        PID:3804
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 220
        6⤵
        Program crash
        
        PID:608
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 240
        5⤵
        Program crash
        
        PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45579.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57359.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29695.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14017.exe
        7⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2040.exe
        8⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49015.exe
        9⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4277.exe
        10⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46911.exe
        11⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-196.exe
        12⤵
        
        PID:10644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 216
        12⤵
        
        PID:12076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6500 -s 236
        11⤵
        
        PID:10176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
        10⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 216
        9⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 216
        8⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12901.exe
        7⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7406.exe
        8⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22513.exe
        9⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62889.exe
        10⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63538.exe
        11⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39605.exe
        12⤵
        
        PID:8256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8536 -s 216
        11⤵
        
        PID:11404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 220
        10⤵
        
        PID:9264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 216
        8⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
        7⤵
        Program crash
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63773.exe
        6⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4178.exe
        7⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14157.exe
        8⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36327.exe
        9⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31779.exe
        10⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4031.exe
        11⤵
        
        PID:11232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8216 -s 220
        11⤵
        
        PID:11464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 216
        10⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 236
        9⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 236
        8⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 236
        7⤵
        Program crash
        
        PID:4032
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 240
        6⤵
        Program crash
        
        PID:704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34333.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 244
        6⤵
        Program crash
        
        PID:2400
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 240
        5⤵
        Program crash
        
        PID:1248
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:420
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2960
- C:\Users\Admin\AppData\Local\Temp\Unicorn-706.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-706.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49243.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49243.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27837.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10213.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16327.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19088.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54858.exe
        8⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45595.exe
        9⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56991.exe
        10⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9959.exe
        11⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46636.exe
        12⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52137.exe
        13⤵
        
        PID:10820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9076 -s 216
        13⤵
        
        PID:11584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 216
        12⤵
        
        PID:9844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 216
        11⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 236
        10⤵
        
        PID:5916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 236
        9⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25729.exe
        8⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21605.exe
        9⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10644.exe
        10⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15333.exe
        11⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52246.exe
        12⤵
        
        PID:10792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 216
        12⤵
        
        PID:11744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
        11⤵
        
        PID:9408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
        10⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
        9⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
        8⤵
        Program crash
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61635.exe
        7⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
        8⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5652.exe
        9⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60447.exe
        10⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25113.exe
        11⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24789.exe
        12⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60160.exe
        13⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 216
        12⤵
        
        PID:10628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
        11⤵
        
        PID:8724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 236
        10⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
        9⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 216
        8⤵
        Program crash
        
        PID:3408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 220
        7⤵
        Program crash
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43269.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44552.exe
        7⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57271.exe
        8⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57951.exe
        9⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49861.exe
        10⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21888.exe
        11⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35557.exe
        12⤵
        
        PID:12052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9632 -s 216
        12⤵
        
        PID:12064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 236
        11⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 216
        10⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 216
        9⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 236
        8⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58594.exe
        7⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11490.exe
        8⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8314.exe
        9⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36439.exe
        10⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22890.exe
        11⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33383.exe
        12⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8384 -s 216
        11⤵
        
        PID:11636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 216
        10⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
        9⤵
        
        PID:6764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 216
        8⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
        7⤵
        Program crash
        
        PID:3452
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
        6⤵
        Program crash
        
        PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27187.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24878.exe
        6⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16431.exe
        7⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36332.exe
        8⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27391.exe
        9⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41257.exe
        10⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43455.exe
        11⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56377.exe
        12⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 216
        11⤵
        
        PID:10584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
        10⤵
        
        PID:8888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 236
        9⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42916.exe
        7⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24267.exe
        8⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23611.exe
        9⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37280.exe
        10⤵
        
        PID:10484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 220
        10⤵
        
        PID:11628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 216
        9⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 236
        8⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
        7⤵
        
        PID:5144
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 236
        6⤵
        Program crash
        
        PID:1796
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
        5⤵
        Program crash
        
        PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18936.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47053.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8781.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9741.exe
        7⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
        8⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32186.exe
        9⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43343.exe
        10⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37365.exe
        11⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12043.exe
        12⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16990.exe
        13⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 216
        12⤵
        
        PID:11252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
        11⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 236
        10⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1495.exe
        9⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20645.exe
        10⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34410.exe
        11⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44099.exe
        12⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 216
        11⤵
        
        PID:10840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
        10⤵
        
        PID:8908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 220
        9⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 236
        8⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1225.exe
        7⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        8⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24267.exe
        9⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
        10⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42926.exe
        11⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5780.exe
        12⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 216
        11⤵
        
        PID:11448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6032 -s 216
        10⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
        9⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 236
        8⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 240
        7⤵
        Program crash
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51329.exe
        6⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14484.exe
        7⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19467.exe
        8⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52554.exe
        9⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9495.exe
        10⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33279.exe
        11⤵
        
        PID:10520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8844 -s 220
        11⤵
        
        PID:12104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 220
        10⤵
        
        PID:9564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 216
        9⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 216
        8⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 236
        7⤵
        Program crash
        
        PID:3812
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 240
        6⤵
        Program crash
        
        PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2237.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1573.exe
        6⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32767.exe
        7⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40463.exe
        8⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57214.exe
        9⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48006.exe
        10⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
        11⤵
        
        PID:11100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8696 -s 216
        11⤵
        
        PID:11932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 216
        10⤵
        
        PID:9448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
        9⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
        8⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 236
        7⤵
        Program crash
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
        6⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35995.exe
        7⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55185.exe
        8⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41893.exe
        9⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
        10⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5780.exe
        11⤵
        
        PID:3460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8300 -s 216
        10⤵
        
        PID:11712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
        9⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
        8⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 236
        7⤵
        
        PID:5648
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
        6⤵
        Program crash
        
        PID:3504
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 240
        5⤵
        Program crash
        
        PID:692
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7971.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7971.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38802.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55221.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17443.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11303.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24791.exe
        8⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42170.exe
        9⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32051.exe
        10⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61677.exe
        11⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
        12⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49911.exe
        13⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 216
        12⤵
        
        PID:11380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
        11⤵
        
        PID:8900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
        10⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 236
        9⤵
        
        PID:4408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
        8⤵
        Program crash
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62294.exe
        7⤵
        
        PID:488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35803.exe
        8⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54500.exe
        9⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33808.exe
        10⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        11⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
        12⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8596 -s 216
        11⤵
        
        PID:11560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
        10⤵
        
        PID:9344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
        9⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 236
        8⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
        7⤵
        Program crash
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48807.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28683.exe
        7⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32980.exe
        8⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30297.exe
        9⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22878.exe
        10⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56221.exe
        11⤵
        
        PID:10744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9004 -s 216
        11⤵
        
        PID:8432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
        10⤵
        
        PID:9688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 236
        9⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 216
        8⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 236
        7⤵
        Program crash
        
        PID:4056
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
        6⤵
        Program crash
        
        PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17997.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3135.exe
        6⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47157.exe
        7⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49399.exe
        8⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47256.exe
        9⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37098.exe
        10⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
        11⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 216
        11⤵
        
        PID:12068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6460 -s 216
        10⤵
        
        PID:10152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
        9⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 216
        8⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 236
        7⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19123.exe
        6⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42554.exe
        7⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
        8⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16464.exe
        9⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
        10⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44488.exe
        11⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10940 -s 216
        11⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9112 -s 216
        10⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 220
        9⤵
        
        PID:9808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
        8⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 236
        7⤵
        
        PID:5444
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 240
        6⤵
        Program crash
        
        PID:3376
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
        5⤵
        Program crash
        
        PID:888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-545.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23473.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34438.exe
        6⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
        7⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21003.exe
        8⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        9⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4337.exe
        10⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
        11⤵
        
        PID:12228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9856 -s 216
        11⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 216
        10⤵
        
        PID:10328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 216
        9⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        8⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 216
        7⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36035.exe
        6⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20728.exe
        7⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2092.exe
        8⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62889.exe
        9⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53424.exe
        10⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13564.exe
        11⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8528 -s 216
        10⤵
        
        PID:11348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 220
        9⤵
        
        PID:9272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 216
        8⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 236
        7⤵
        
        PID:5504
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 240
        6⤵
        Program crash
        
        PID:3384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43160.exe
        5⤵
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54017.exe
        6⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46358.exe
        7⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50904.exe
        8⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44633.exe
        9⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4379.exe
        10⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10612 -s 216
        10⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 236
        9⤵
        
        PID:11220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 236
        8⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
        7⤵
        
        PID:6864
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 216
        6⤵
        
        PID:4964
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
        5⤵
        Program crash
        
        PID:1104
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 240
      4⤵
      Program crash
      PID:2644
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1700
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
  2⤵
  - Program crash
  PID:2580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11500.exe

Filesize
184KB

MD5
ce295f53e61c066d1a46ccae1cdc7327

SHA1
0ada056c7820ac3ff6d752f99f28bdccb224b547

SHA256
98f91ac3b86bb3b902fe348a1158a4a3af63da8737819a9766c8531d18f50403

SHA512
ec009ad4d1afd90f8df70962cb3a58838d9204c01fa2351731d8808f60226d02080ba53c39e4f189bb26ed261c244bfe2eece9653892af18f27f9640d1071ad5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13688.exe

Filesize
184KB

MD5
99b390badb2fbf4f3d9d49495d8aea4d

SHA1
e724fc5d5e659be0dd37687d3d3eb969bcf5c276

SHA256
d473e479df030eb19136e8fc294b105e751546db0b0b9908b85ec6e3eeb57ed2

SHA512
eff009e670c371dbc0380185aa4df44f3f4f0140260ce5b25b372d14077dda22b49fc7518d43eb7e54cf554c219bbe694d353dd61543a4462232caab5a7529ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20572.exe

Filesize
184KB

MD5
5baadc61d3ff19c8c0f93d4c7fdb017e

SHA1
35bf3236f4dd81cca7622494d3f07593d18a611f

SHA256
98d2049a16ff031887993abc3cf25db807fe698a579245b160b456b90b2004cb

SHA512
fb24f319679c80c5971bb95ca9ebbc7691a52b2b3f893a5d0f8d07d576ee47e37b8099c635db1b4e024610a66b47a620b63c9cba0f15427499118163417710b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40119.exe

Filesize
184KB

MD5
388fc5c1b8dcf9619cd0f3e2965f888f

SHA1
0f4c2f604a58d2e893f2c7e772796daf4c4b6464

SHA256
868193f3c801533e4cefb13fd8f34c8d4ea1051c227fba0bf329307c6582b706

SHA512
0ebc5528adec1b2a7c7f3d9335b09d2b697b9aa349cbedea50e67d08f4692221e210b176f4ba7bfab7956c56b8b45a8f88cd9357132aac662ce570319f5d5a45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40608.exe

Filesize
184KB

MD5
7f68a0fff308f14df756fd67dcb54931

SHA1
f8a276857362642f2ac053af6f2412ef08d905b9

SHA256
ed3fa34867671e4fa1abad2ae9e3974f4138f77dc392ef7bfafe10599cc994a2

SHA512
2fe0cac9eda6b92c23d61d4542b6b8a2f006ee2a0ab0d7e2f019eaa23cd4516118e9393cf855233108956d7d18ec6ad0ea7eda21793146f1260c91c80d6f6157

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41127.exe

Filesize
184KB

MD5
954320f6d1429029f70081ec868404c8

SHA1
a06606f45dc528f77f7321cb3c981a19c6be68d2

SHA256
b4d2b3484d462c8e3e14e71124eefc877692b312ecb047dba9af9043abb93fd7

SHA512
7fc239fc6014d6f85b87b96cc38f169ebe2339996204fddfed4817c3cc33bbbe877f949b236341b0a63da24260d9de4c26a93a093d99ac552b08d141796894a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43455.exe

Filesize
184KB

MD5
06228ca6076e67768ae29ff07b85beb7

SHA1
40a17be08cc59dac521967fe6309b3713bd28a0a

SHA256
120c4b125c9d5fa878c6226be641d63eccef1f611cf01250dbed93fab55f257d

SHA512
83b93289b606bce3a56ac1c606f5141e7409494004cb64db67ab187b5be210bfffc9403d04888bfab3ab24bc503d62422a4b40808621cbd2a6e1af36dd2e70b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49243.exe

Filesize
184KB

MD5
3810a4ba145d23a6dd5391f9ec6cc5c8

SHA1
5cee8f3f69f5a59aae6783d0f5ec5b3f985344cb

SHA256
0018866585f7ebb436023c2710f32705b2c6271f465e88e4b78dc458ea83e35e

SHA512
09a48d20e6b88dbc515549ad42fcf053368c2882f9b11d9d1c18b89cf2470c0ba9c11ecd0c5d291d9c5a341021701821e02ec17510382f963e19c38e4ffee6f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6129.exe

Filesize
184KB

MD5
9181280bb08d066429e960a4d478ff4f

SHA1
79839f8a753ca7bb2eaf9b27bc371418cc6e7d77

SHA256
6b3aaeba8a799294dec8b9acf1e566b60899be195731b3de06e027c0f35b76ca

SHA512
f8df939eee0d2d360cd9d2495783d3c481e7b575a6ecd3bbb5bd4604f15085c2b3c5f5d98b67c7c60522f8ed77631fcc26083ab897963de0646b2f3dfb6ebf73

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6508.exe

Filesize
184KB

MD5
21407d9d1fec4fd746017aef5e7e9a9c

SHA1
07e51ad3447dfa5716abee78a1cdd1b871564809

SHA256
820c484e0acbbf555f4fa108bd8d6259c69bd717c6f95725091faec15bbab55a

SHA512
7841d011bd132b72f54c2d4a83efa20ceaba067ef0a80a5dfc29bc76f05cc3a0b902517be456c4e0c76033cf7b60cc17b3d817266c6b527220e99b967ee14efc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9741.exe

Filesize
184KB

MD5
d48fb2720fa75ead5e8929639276318b

SHA1
a58c64ded4e0d906b991bc584928cf5ac50f922c

SHA256
099590909833ce2edfa92667dce823d0d56d66bb2206f82490185f65e8f3e8a3

SHA512
4e1abc40bd0f73b08a355494c9ea9981e9e55c95d39305a2193ba10f3464af9ab14ef0ccdb3ab9e36ebc4b8653dd48fb7f71512b2cdd9e6429b743bc7a90c5e0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe

Filesize
184KB

MD5
f9daaaed1f391242cfe14e81f5fb2b1b

SHA1
93f4f7360534e9fe30bee8b8a25e08981ad4a37a

SHA256
c55386f0bc0314f32ff365e4ac6ca6dcbebfd9c986df4e442e48b9127f80f856

SHA512
4dfc434fb4882b66d11106ca388bb4280dbfe736d3e6c2c5c8e1bcca0ee1ae935f44fd58c6e8f72116c426a956625433abaa9b75db8663b025269ea0b68acea5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27837.exe

Filesize
184KB

MD5
263af2802ddb51267122199ede786da8

SHA1
5f7ef5bc4e3e9189353beb68db896539738ade5d

SHA256
29e8d6da420a4d87effcd65d3fad7a7a2e3c8e9d65d564c49fa5356a374d42af

SHA512
73f0af74c1c33f1e32ada12c587b200f6c76c9f615de88ba8fab93b1b98f16e7729f184584be386a104aaa6f275a2176b93f56176245611363647720cc4dab50

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43632.exe

Filesize
184KB

MD5
59dd2dfdb7808efe4e7865e7069a5063

SHA1
9e65f8dc8583e1b8d59d7f044993b17c328070a3

SHA256
cfa697518fd5326233f93f41d4592e25438d125fd5709f2fb88ca9d29b1f73da

SHA512
132a88329373fbc0af99208ab1710dbeb3954226d4ecc5724c5afac32ffe370c86d1fb8e9aa1eb03d3cfa3372f9debd12a4984452dac6c0880603fe39a7dc7cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55465.exe

Filesize
184KB

MD5
cf006973f354e7cf354b6b355a75fc7b

SHA1
65a5d33a18109b6113206aaab134c2993d3c1f9c

SHA256
e7ef4e3da3f212c72b5499eb70d01c936e2409c8847d73e62eac11c802509c88

SHA512
3c68b8a7b0c0ac2e908e7d3153e966ffb6b4ded91ae12f65bd96daf9ade35c31b243152d93a3f13713a97ee961f483ac656e60832bad78f32b90e0da683ed442

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57172.exe

Filesize
184KB

MD5
c7c6c3d22a4dfab4513483f3e144a468

SHA1
d7bd125d2530bada69f6caa6db38809bf734efb2

SHA256
42d6ecb221c26212aa28d5bd26a7ef6c8611ec2ccd6fb245703271ab0dad7683

SHA512
e1b581b8f5b57e81a8d3210849387b703736d9e176d18c578cc7388a3d839ea72a9ff92b93c7dd198533b807ff79f35b985bdd6f4834c9f109d8d31a95c26d80

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61365.exe

Filesize
184KB

MD5
1961d8ba87e2ed6d576de0e7b0062702

SHA1
12f157397c9cda559d2b7b1eafbc2f160d78918f

SHA256
90a0863b42df04be280535449d3cf642e21c83bde84730d09baf715323b8e6fa

SHA512
5706d4c6004c389a4d4d5f6edfd8b453d4ee5aef7433c21337f286853b834f5be622412e149dde688c6343f5c754f8969c97452c2c602fd4172ff488a41ac5b2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63498.exe

Filesize
184KB

MD5
4bb8ce1cf58f8dbd611252839a690b45

SHA1
2da56d221909503e8791d01bec8bc401dec7611e

SHA256
ba1009d63ded9d1d07f99d11f0220cc2d6334c8582e8ceb092f37bf859775976

SHA512
257f19812043b5cee57683e8d5a1100dee0fd39893e9c097ab4420fe5c469f32493f1ed7e97a0cb6f4ef15bcc09bc328afdeb0e5993a0593f2452275165effd6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64188.exe

Filesize
184KB

MD5
c1d8642388a5397dac654536f8ae7364

SHA1
c9f0713d71dc578604db4240ae550c92ebb24168

SHA256
9263aef3c35081ec69f077959587499268ba1f502f42d8a1fcd662fc4787dc53

SHA512
71d4e179b402db95fee9d743b31bc4ed9bd6b0967c938dd601277d85a5b0c86313d8279832ad4702a896fbc18ab8afb3526904a6e1fe6f953791c38393f3fa41

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-706.exe

Filesize
184KB

MD5
e94ed4c84b93c5a5e5ee32c3662fb9f7

SHA1
31e297040cf2b76218c1271d749963b9c973cf69

SHA256
17545e30a794f8419b399ad74892235d47893e42bf150d565b88648d394413f5

SHA512
50c3d3dac082fb948e39c27d7847350c8ddb8bf46cd5e105aeedb9279d88472081917b69eac959331e4eff4b5f1dcede8e12bb9e9fc416b4d45d1b1de75a61b1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7971.exe

Filesize
184KB

MD5
969f3307e18fa1d0a4a3022ad72025b1

SHA1
31cd897c0e8d8e7c199f2b0251abe551aa325070

SHA256
84dd8464f67d9c56c03ffa2a97b08dc2a3cd2dc082486d744678eaf40141c8e4

SHA512
29e1e729c95f00aff1f989c1d69cfd16f00b67673cb695bb26fb825fe3304bd58abfc7e4075102d3a5f4ed9a46d4e481d6d7f81a4cbd6d4b1823a33128cf8ffe

Download Submit
memory/2184-769-0x0000000002830000-0x000000000298C000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads