228917c49f24570ed3479320a694c91c20f6263a0816a0fbed7c1a390b893300

Analysis

max time kernel
150s
max time network
129s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 21:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1c518d67bfe5bf822ad06b61dad53610_NeikiAnalytics.exe
Size

184KB
MD5

1c518d67bfe5bf822ad06b61dad53610
SHA1

a3b4348e7ab92ff29d2dd6da0d91b11be1491604
SHA256

228917c49f24570ed3479320a694c91c20f6263a0816a0fbed7c1a390b893300
SHA512

0a7a6356a461b62723bc130d918d8b200c9b1ca086e0c51c44e711c3e5b29dcb9979c2840ac9261991884157a33632ee17025fb8279d1735d19e6ec4b234cb47
SSDEEP

1536:jaaG6TZBGuGlo+x3Q9tAhhwSyd9yvZc8PmdY6na8WZFetkhl5hj5nihpk+:OOmuGlo6g9t4jy3Wefna8gskhlnVij7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2104	Unicorn-8489.exe
3024	Unicorn-61857.exe
3020	Unicorn-7181.exe
2748	Unicorn-3466.exe
2604	Unicorn-64919.exe
2740	Unicorn-59444.exe
548	Unicorn-15802.exe
1676	Unicorn-26662.exe
2720	Unicorn-42444.exe
1836	Unicorn-57389.exe
756	Unicorn-46528.exe
1532	Unicorn-48749.exe
2344	Unicorn-13938.exe
2024	Unicorn-63694.exe
2900	Unicorn-28905.exe
2272	Unicorn-21291.exe
1244	Unicorn-17207.exe
484	Unicorn-37073.exe
2380	Unicorn-19175.exe
2188	Unicorn-14275.exe
1368	Unicorn-42309.exe
1088	Unicorn-49086.exe
880	Unicorn-52615.exe
688	Unicorn-32003.exe
1528	Unicorn-42863.exe
1512	Unicorn-9444.exe
980	Unicorn-9444.exe
2072	Unicorn-51032.exe
2980	Unicorn-40171.exe
2240	Unicorn-48614.exe
2596	Unicorn-41000.exe
2624	Unicorn-56782.exe
2832	Unicorn-43138.exe
2708	Unicorn-32278.exe
2984	Unicorn-44530.exe
2512	Unicorn-15750.exe
2532	Unicorn-61421.exe
2560	Unicorn-3497.exe
2492	Unicorn-30140.exe
2716	Unicorn-18442.exe
1620	Unicorn-13611.exe
2176	Unicorn-13611.exe
2164	Unicorn-60674.exe
1992	Unicorn-36724.exe
1788	Unicorn-36724.exe
2168	Unicorn-56590.exe
848	Unicorn-1914.exe
532	Unicorn-35340.exe
1092	Unicorn-41047.exe
2356	Unicorn-34271.exe
1524	Unicorn-22573.exe
1872	Unicorn-36217.exe
1636	Unicorn-48469.exe
684	Unicorn-44385.exe
2464	Unicorn-51183.exe
2448	Unicorn-43569.exe
1756	Unicorn-28625.exe
2016	Unicorn-59351.exe
2396	Unicorn-49792.exe
2700	Unicorn-43015.exe
2656	Unicorn-43015.exe
2676	Unicorn-57213.exe
2696	Unicorn-22403.exe
2848	Unicorn-63990.exe

Loads dropped DLL 64 IoCs

pid	Process
2244	1c518d67bfe5bf822ad06b61dad53610_NeikiAnalytics.exe
2244	1c518d67bfe5bf822ad06b61dad53610_NeikiAnalytics.exe
2104	Unicorn-8489.exe
2244	1c518d67bfe5bf822ad06b61dad53610_NeikiAnalytics.exe
2104	Unicorn-8489.exe
2244	1c518d67bfe5bf822ad06b61dad53610_NeikiAnalytics.exe
3020	Unicorn-7181.exe
3020	Unicorn-7181.exe
3024	Unicorn-61857.exe
3024	Unicorn-61857.exe
2104	Unicorn-8489.exe
2104	Unicorn-8489.exe
3000	WerFault.exe
3000	WerFault.exe
3000	WerFault.exe
3000	WerFault.exe
3000	WerFault.exe
2604	Unicorn-64919.exe
2604	Unicorn-64919.exe
3024	Unicorn-61857.exe
3020	Unicorn-7181.exe
3024	Unicorn-61857.exe
3020	Unicorn-7181.exe
2740	Unicorn-59444.exe
2740	Unicorn-59444.exe
2748	Unicorn-3466.exe
2748	Unicorn-3466.exe
1980	WerFault.exe
1980	WerFault.exe
1980	WerFault.exe
1980	WerFault.exe
2800	WerFault.exe
2800	WerFault.exe
2800	WerFault.exe
2800	WerFault.exe
1980	WerFault.exe
2800	WerFault.exe
1676	Unicorn-26662.exe
1676	Unicorn-26662.exe
548	Unicorn-15802.exe
548	Unicorn-15802.exe
2604	Unicorn-64919.exe
2604	Unicorn-64919.exe
2720	Unicorn-42444.exe
2720	Unicorn-42444.exe
2740	Unicorn-59444.exe
2740	Unicorn-59444.exe
756	Unicorn-46528.exe
756	Unicorn-46528.exe
2748	Unicorn-3466.exe
2748	Unicorn-3466.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
2728	WerFault.exe
2728	WerFault.exe
2728	WerFault.exe
2728	WerFault.exe
1864	WerFault.exe
2728	WerFault.exe
444	WerFault.exe
444	WerFault.exe
444	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2764	2244	WerFault.exe	27
3000	2104	WerFault.exe	28
1980	3020	WerFault.exe	30
2800	3024	WerFault.exe	29
1864	2604	WerFault.exe	33
2728	2748	WerFault.exe	32
444	2740	WerFault.exe	34
1716	1676	WerFault.exe	37
1720	548	WerFault.exe	36
1588	2720	WerFault.exe	39
2224	756	WerFault.exe	40
2972	1836	WerFault.exe	38
2928	1532	WerFault.exe	43
1612	2344	WerFault.exe	44
2796	2024	WerFault.exe	45
2280	2900	WerFault.exe	46
2496	1244	WerFault.exe	49
2896	484	WerFault.exe	48
2152	2272	WerFault.exe	47
1476	2380	WerFault.exe	53
984	2188	WerFault.exe	54
1536	1368	WerFault.exe	55
1604	1088	WerFault.exe	56
1028	880	WerFault.exe	57
900	1528	WerFault.exe	59
1316	688	WerFault.exe	58
1236	2980	WerFault.exe	62
1420	2072	WerFault.exe	63
2052	980	WerFault.exe	61
2856	1512	WerFault.exe	60
1660	2240	WerFault.exe	67
1260	2984	WerFault.exe	74
544	2832	WerFault.exe	72
2352	2596	WerFault.exe	69
2232	2532	WerFault.exe	76
3088	2624	WerFault.exe	71
3080	2492	WerFault.exe	78
3128	848	WerFault.exe	86
3120	2560	WerFault.exe	77
3196	1620	WerFault.exe	81
3204	2168	WerFault.exe	85
3252	2716	WerFault.exe	79
3436	1668	WerFault.exe	136
3660	1788	WerFault.exe	84
3700	2512	WerFault.exe	75
4024	2176	WerFault.exe	80
4052	2032	WerFault.exe	160
3328	1992	WerFault.exe	83
3644	2164	WerFault.exe	82
3548	1952	WerFault.exe	119
3560	2676	WerFault.exe	108
3588	1956	WerFault.exe	115
3684	2444	WerFault.exe	114
3808	1048	WerFault.exe	118
3796	1808	WerFault.exe	116
3868	2848	WerFault.exe	110
3980	2448	WerFault.exe	102
4068	684	WerFault.exe	100
3444	532	WerFault.exe	94
3572	2356	WerFault.exe	96
3728	1524	WerFault.exe	97
4016	1092	WerFault.exe	95
3848	2016	WerFault.exe	104
4100	2008	WerFault.exe	112

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2244	1c518d67bfe5bf822ad06b61dad53610_NeikiAnalytics.exe
2104	Unicorn-8489.exe
3024	Unicorn-61857.exe
3020	Unicorn-7181.exe
2748	Unicorn-3466.exe
2604	Unicorn-64919.exe
2740	Unicorn-59444.exe
548	Unicorn-15802.exe
1676	Unicorn-26662.exe
756	Unicorn-46528.exe
2720	Unicorn-42444.exe
1836	Unicorn-57389.exe
1532	Unicorn-48749.exe
2344	Unicorn-13938.exe
2024	Unicorn-63694.exe
2900	Unicorn-28905.exe
2272	Unicorn-21291.exe
484	Unicorn-37073.exe
1244	Unicorn-17207.exe
2380	Unicorn-19175.exe
2188	Unicorn-14275.exe
1368	Unicorn-42309.exe
1088	Unicorn-49086.exe
880	Unicorn-52615.exe
688	Unicorn-32003.exe
1528	Unicorn-42863.exe
1512	Unicorn-9444.exe
2980	Unicorn-40171.exe
980	Unicorn-9444.exe
2072	Unicorn-51032.exe
2240	Unicorn-48614.exe
2596	Unicorn-41000.exe
2624	Unicorn-56782.exe
2708	Unicorn-32278.exe
2832	Unicorn-43138.exe
2984	Unicorn-44530.exe
2532	Unicorn-61421.exe
2512	Unicorn-15750.exe
2560	Unicorn-3497.exe
2492	Unicorn-30140.exe
2716	Unicorn-18442.exe
1620	Unicorn-13611.exe
1992	Unicorn-36724.exe
2168	Unicorn-56590.exe
2176	Unicorn-13611.exe
2164	Unicorn-60674.exe
1788	Unicorn-36724.exe
848	Unicorn-1914.exe
532	Unicorn-35340.exe
1092	Unicorn-41047.exe
2356	Unicorn-34271.exe
1524	Unicorn-22573.exe
1872	Unicorn-36217.exe
1636	Unicorn-48469.exe
684	Unicorn-44385.exe
2464	Unicorn-51183.exe
2448	Unicorn-43569.exe
1756	Unicorn-28625.exe
2016	Unicorn-59351.exe
2396	Unicorn-49792.exe
2700	Unicorn-43015.exe
2676	Unicorn-57213.exe
2696	Unicorn-22403.exe
2656	Unicorn-43015.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 2104	2244	1c518d67bfe5bf822ad06b61dad53610_NeikiAnalytics.exe	28
PID 2244 wrote to memory of 2104	2244	1c518d67bfe5bf822ad06b61dad53610_NeikiAnalytics.exe	28
PID 2244 wrote to memory of 2104	2244	1c518d67bfe5bf822ad06b61dad53610_NeikiAnalytics.exe	28
PID 2244 wrote to memory of 2104	2244	1c518d67bfe5bf822ad06b61dad53610_NeikiAnalytics.exe	28
PID 2104 wrote to memory of 3024	2104	Unicorn-8489.exe	29
PID 2104 wrote to memory of 3024	2104	Unicorn-8489.exe	29
PID 2104 wrote to memory of 3024	2104	Unicorn-8489.exe	29
PID 2104 wrote to memory of 3024	2104	Unicorn-8489.exe	29
PID 2244 wrote to memory of 3020	2244	1c518d67bfe5bf822ad06b61dad53610_NeikiAnalytics.exe	30
PID 2244 wrote to memory of 3020	2244	1c518d67bfe5bf822ad06b61dad53610_NeikiAnalytics.exe	30
PID 2244 wrote to memory of 3020	2244	1c518d67bfe5bf822ad06b61dad53610_NeikiAnalytics.exe	30
PID 2244 wrote to memory of 3020	2244	1c518d67bfe5bf822ad06b61dad53610_NeikiAnalytics.exe	30
PID 2244 wrote to memory of 2764	2244	1c518d67bfe5bf822ad06b61dad53610_NeikiAnalytics.exe	31
PID 2244 wrote to memory of 2764	2244	1c518d67bfe5bf822ad06b61dad53610_NeikiAnalytics.exe	31
PID 2244 wrote to memory of 2764	2244	1c518d67bfe5bf822ad06b61dad53610_NeikiAnalytics.exe	31
PID 2244 wrote to memory of 2764	2244	1c518d67bfe5bf822ad06b61dad53610_NeikiAnalytics.exe	31
PID 3020 wrote to memory of 2748	3020	Unicorn-7181.exe	32
PID 3020 wrote to memory of 2748	3020	Unicorn-7181.exe	32
PID 3020 wrote to memory of 2748	3020	Unicorn-7181.exe	32
PID 3020 wrote to memory of 2748	3020	Unicorn-7181.exe	32
PID 3024 wrote to memory of 2604	3024	Unicorn-61857.exe	33
PID 3024 wrote to memory of 2604	3024	Unicorn-61857.exe	33
PID 3024 wrote to memory of 2604	3024	Unicorn-61857.exe	33
PID 3024 wrote to memory of 2604	3024	Unicorn-61857.exe	33
PID 2104 wrote to memory of 2740	2104	Unicorn-8489.exe	34
PID 2104 wrote to memory of 2740	2104	Unicorn-8489.exe	34
PID 2104 wrote to memory of 2740	2104	Unicorn-8489.exe	34
PID 2104 wrote to memory of 2740	2104	Unicorn-8489.exe	34
PID 2104 wrote to memory of 3000	2104	Unicorn-8489.exe	35
PID 2104 wrote to memory of 3000	2104	Unicorn-8489.exe	35
PID 2104 wrote to memory of 3000	2104	Unicorn-8489.exe	35
PID 2104 wrote to memory of 3000	2104	Unicorn-8489.exe	35
PID 2604 wrote to memory of 548	2604	Unicorn-64919.exe	36
PID 2604 wrote to memory of 548	2604	Unicorn-64919.exe	36
PID 2604 wrote to memory of 548	2604	Unicorn-64919.exe	36
PID 2604 wrote to memory of 548	2604	Unicorn-64919.exe	36
PID 3024 wrote to memory of 1676	3024	Unicorn-61857.exe	37
PID 3024 wrote to memory of 1676	3024	Unicorn-61857.exe	37
PID 3024 wrote to memory of 1676	3024	Unicorn-61857.exe	37
PID 3024 wrote to memory of 1676	3024	Unicorn-61857.exe	37
PID 3020 wrote to memory of 1836	3020	Unicorn-7181.exe	38
PID 3020 wrote to memory of 1836	3020	Unicorn-7181.exe	38
PID 3020 wrote to memory of 1836	3020	Unicorn-7181.exe	38
PID 3020 wrote to memory of 1836	3020	Unicorn-7181.exe	38
PID 2740 wrote to memory of 2720	2740	Unicorn-59444.exe	39
PID 2740 wrote to memory of 2720	2740	Unicorn-59444.exe	39
PID 2740 wrote to memory of 2720	2740	Unicorn-59444.exe	39
PID 2740 wrote to memory of 2720	2740	Unicorn-59444.exe	39
PID 2748 wrote to memory of 756	2748	Unicorn-3466.exe	40
PID 2748 wrote to memory of 756	2748	Unicorn-3466.exe	40
PID 2748 wrote to memory of 756	2748	Unicorn-3466.exe	40
PID 2748 wrote to memory of 756	2748	Unicorn-3466.exe	40
PID 3020 wrote to memory of 1980	3020	Unicorn-7181.exe	41
PID 3020 wrote to memory of 1980	3020	Unicorn-7181.exe	41
PID 3020 wrote to memory of 1980	3020	Unicorn-7181.exe	41
PID 3020 wrote to memory of 1980	3020	Unicorn-7181.exe	41
PID 3024 wrote to memory of 2800	3024	Unicorn-61857.exe	42
PID 3024 wrote to memory of 2800	3024	Unicorn-61857.exe	42
PID 3024 wrote to memory of 2800	3024	Unicorn-61857.exe	42
PID 3024 wrote to memory of 2800	3024	Unicorn-61857.exe	42
PID 1676 wrote to memory of 1532	1676	Unicorn-26662.exe	43
PID 1676 wrote to memory of 1532	1676	Unicorn-26662.exe	43
PID 1676 wrote to memory of 1532	1676	Unicorn-26662.exe	43
PID 1676 wrote to memory of 1532	1676	Unicorn-26662.exe	43

C:\Users\Admin\AppData\Local\Temp\1c518d67bfe5bf822ad06b61dad53610_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1c518d67bfe5bf822ad06b61dad53610_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61857.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61857.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64919.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15802.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13938.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42309.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32278.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51183.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12755.exe
        10⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39433.exe
        11⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-952.exe
        12⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50361.exe
        13⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
        14⤵
        
        PID:11432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64819.exe
        15⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9120 -s 216
        14⤵
        
        PID:11376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
        13⤵
        
        PID:9956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
        12⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 216
        11⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59771.exe
        10⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57003.exe
        11⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62042.exe
        12⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
        13⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56137.exe
        14⤵
        
        PID:11444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8264 -s 216
        14⤵
        
        PID:13012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 220
        13⤵
        
        PID:10468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
        12⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
        11⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
        10⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16517.exe
        9⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 200
        10⤵
        Program crash
        
        PID:4052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
        9⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        9⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41401.exe
        10⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63173.exe
        11⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 216
        11⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
        10⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 216
        9⤵
        Program crash
        
        PID:3980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 240
        8⤵
        Program crash
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43138.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36217.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56419.exe
        9⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15662.exe
        10⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59333.exe
        11⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-205.exe
        12⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65.exe
        13⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64606.exe
        14⤵
        
        PID:12096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8640 -s 216
        14⤵
        
        PID:12612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6736 -s 216
        13⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
        12⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
        11⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
        10⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2018.exe
        9⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38913.exe
        10⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-205.exe
        11⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10371.exe
        12⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25603.exe
        13⤵
        
        PID:11308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52292.exe
        14⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8288 -s 216
        13⤵
        
        PID:12868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 216
        12⤵
        
        PID:10284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
        11⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 236
        10⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32469.exe
        8⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36850.exe
        9⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34829.exe
        10⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50729.exe
        11⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41316.exe
        12⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61508.exe
        13⤵
        
        PID:11480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 236
        12⤵
        
        PID:10232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 236
        11⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
        10⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 236
        9⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
        8⤵
        Program crash
        
        PID:544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
        7⤵
        Program crash
        
        PID:1612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 236
        6⤵
        Program crash
        
        PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63694.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52615.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15750.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22403.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
        9⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58531.exe
        10⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16163.exe
        11⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4097.exe
        12⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34876.exe
        13⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28125.exe
        14⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60268.exe
        15⤵
        
        PID:12620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9080 -s 220
        14⤵
        
        PID:12964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 216
        13⤵
        
        PID:10420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 216
        12⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 236
        11⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 216
        10⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55002.exe
        9⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19152.exe
        10⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32442.exe
        11⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42136.exe
        12⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8763.exe
        13⤵
        
        PID:12844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11148 -s 216
        13⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 216
        12⤵
        
        PID:11992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
        11⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
        10⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
        9⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33922.exe
        8⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50939.exe
        9⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        10⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8897.exe
        11⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9546.exe
        12⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12738.exe
        13⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8276 -s 236
        12⤵
        
        PID:11604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 216
        11⤵
        
        PID:9432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 236
        10⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 236
        9⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
        8⤵
        Program crash
        
        PID:3700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 236
        7⤵
        Program crash
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61421.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44385.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13440.exe
        8⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18162.exe
        8⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48692.exe
        9⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47221.exe
        10⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13111.exe
        11⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49640.exe
        12⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57803.exe
        13⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8584 -s 216
        12⤵
        
        PID:11640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 216
        11⤵
        
        PID:9488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 236
        10⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
        9⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 240
        8⤵
        Program crash
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34415.exe
        7⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30628.exe
        8⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47465.exe
        9⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11917.exe
        10⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        11⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41856.exe
        12⤵
        
        PID:11912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9060 -s 220
        12⤵
        
        PID:11972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 216
        11⤵
        
        PID:9256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
        10⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
        9⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 216
        8⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
        7⤵
        Program crash
        
        PID:2232
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
        6⤵
        Program crash
        
        PID:2796
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26662.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48749.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19175.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48614.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35340.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33285.exe
        9⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39974.exe
        10⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44175.exe
        11⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51113.exe
        12⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50444.exe
        13⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47502.exe
        14⤵
        
        PID:11664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9032 -s 216
        14⤵
        
        PID:11728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 216
        13⤵
        
        PID:9732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 236
        12⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
        11⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 236
        10⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59003.exe
        9⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9125.exe
        10⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10703.exe
        11⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6095.exe
        12⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28125.exe
        13⤵
        
        PID:11580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8708 -s 220
        13⤵
        
        PID:13000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 220
        12⤵
        
        PID:10452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
        11⤵
        
        PID:8328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
        10⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 240
        9⤵
        Program crash
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44146.exe
        8⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52226.exe
        9⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21617.exe
        10⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48975.exe
        11⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17580.exe
        12⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27719.exe
        13⤵
        
        PID:12168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8236 -s 216
        13⤵
        
        PID:12740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6556 -s 216
        12⤵
        
        PID:9848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
        11⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
        10⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 236
        9⤵
        
        PID:4172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
        8⤵
        Program crash
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41047.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64011.exe
        8⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58448.exe
        9⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13448.exe
        10⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63941.exe
        11⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29832.exe
        12⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
        13⤵
        
        PID:11860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8304 -s 220
        13⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 220
        12⤵
        
        PID:9888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
        11⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
        10⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 236
        9⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11940.exe
        8⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40091.exe
        9⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13396.exe
        10⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10755.exe
        11⤵
        
        PID:9296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
        12⤵
        
        PID:11420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9296 -s 216
        12⤵
        
        PID:13056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
        11⤵
        
        PID:10496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
        10⤵
        
        PID:8220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
        9⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 240
        8⤵
        Program crash
        
        PID:4016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
        7⤵
        Program crash
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29777.exe
        8⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30052.exe
        9⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14216.exe
        10⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30117.exe
        11⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7081.exe
        12⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63454.exe
        13⤵
        
        PID:11536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 236
        13⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 236
        12⤵
        
        PID:9272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 236
        11⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
        10⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 236
        9⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51795.exe
        8⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53111.exe
        9⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17756.exe
        10⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27694.exe
        11⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
        12⤵
        
        PID:11872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7258.exe
        13⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8812 -s 220
        12⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 216
        11⤵
        
        PID:10176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
        10⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
        9⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
        8⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16133.exe
        7⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11193.exe
        8⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5280.exe
        9⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57143.exe
        10⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58612.exe
        11⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14637.exe
        12⤵
        
        PID:11760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9072 -s 216
        12⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 216
        11⤵
        
        PID:9684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 216
        10⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 236
        9⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 236
        8⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 220
        7⤵
        Program crash
        
        PID:2352
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 240
        6⤵
        Program crash
        
        PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14275.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56782.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59351.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43242.exe
        8⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50781.exe
        9⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
        10⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44222.exe
        11⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57808.exe
        12⤵
        
        PID:11700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
        13⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8440 -s 216
        12⤵
        
        PID:11808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 216
        11⤵
        
        PID:10116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
        10⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 236
        9⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 236
        8⤵
        Program crash
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42090.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20322.exe
        8⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44943.exe
        9⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51004.exe
        10⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38384.exe
        11⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62551.exe
        12⤵
        
        PID:12252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8420 -s 216
        12⤵
        
        PID:12816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 216
        11⤵
        
        PID:9788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
        10⤵
        
        PID:8184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        9⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
        8⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
        7⤵
        Program crash
        
        PID:3088
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 236
        6⤵
        Program crash
        
        PID:984
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
        5⤵
        Program crash
        
        PID:1716
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59444.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59444.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42444.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28905.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30140.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28625.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52719.exe
        9⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36850.exe
        10⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65363.exe
        11⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49406.exe
        12⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26708.exe
        13⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        14⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26143.exe
        15⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9068 -s 216
        14⤵
        
        PID:12892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 216
        13⤵
        
        PID:10260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
        12⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 236
        11⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 216
        10⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57825.exe
        9⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe
        10⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
        11⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10371.exe
        12⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62551.exe
        13⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8392 -s 216
        13⤵
        
        PID:12808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 216
        12⤵
        
        PID:10292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
        11⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
        10⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 240
        9⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31784.exe
        8⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49979.exe
        9⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39105.exe
        10⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22764.exe
        11⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14455.exe
        12⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25603.exe
        13⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22033.exe
        14⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9156 -s 216
        13⤵
        
        PID:12800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 216
        12⤵
        
        PID:9400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
        11⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
        10⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 236
        9⤵
        
        PID:4144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
        8⤵
        Program crash
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49792.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
        8⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32081.exe
        9⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6816.exe
        10⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59603.exe
        11⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
        12⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4554.exe
        13⤵
        
        PID:12468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10200 -s 216
        13⤵
        
        PID:12528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 216
        12⤵
        
        PID:11032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 216
        11⤵
        
        PID:8724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 236
        10⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 216
        9⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        8⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60978.exe
        9⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
        10⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        11⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
        12⤵
        
        PID:12384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10164 -s 216
        12⤵
        
        PID:12412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 216
        11⤵
        
        PID:11024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
        10⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
        9⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
        8⤵
        
        PID:4692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 240
        7⤵
        Program crash
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18442.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61297.exe
        7⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25008.exe
        8⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6507.exe
        9⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10900.exe
        10⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58342.exe
        11⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11440.exe
        12⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30071.exe
        13⤵
        
        PID:11692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9376 -s 216
        13⤵
        
        PID:13120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
        12⤵
        
        PID:10680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
        11⤵
        
        PID:8480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
        10⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 236
        9⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30689.exe
        8⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-594.exe
        9⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18872.exe
        10⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        11⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25603.exe
        12⤵
        
        PID:12284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9244 -s 216
        12⤵
        
        PID:12860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 220
        11⤵
        
        PID:10488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 216
        10⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
        9⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 240
        8⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35868.exe
        7⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15745.exe
        8⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1471.exe
        9⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10978.exe
        10⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19474.exe
        11⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23029.exe
        12⤵
        
        PID:12520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9328 -s 216
        12⤵
        
        PID:11784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7200 -s 216
        11⤵
        
        PID:11072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
        10⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 236
        9⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
        8⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
        7⤵
        Program crash
        
        PID:3252
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
        6⤵
        Program crash
        
        PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42863.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3497.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43015.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14701.exe
        8⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
        9⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49961.exe
        10⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25665.exe
        11⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29966.exe
        12⤵
        
        PID:11948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59422.exe
        13⤵
        
        PID:13268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11948 -s 216
        13⤵
        
        PID:12716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9188 -s 236
        12⤵
        
        PID:12372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 236
        11⤵
        
        PID:10028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
        10⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
        9⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        8⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30937.exe
        9⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22847.exe
        10⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4891.exe
        11⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56194.exe
        12⤵
        
        PID:12324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10108 -s 216
        12⤵
        
        PID:12404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 216
        11⤵
        
        PID:11012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
        10⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
        9⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 220
        8⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5142.exe
        7⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20130.exe
        8⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41051.exe
        9⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15171.exe
        10⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55379.exe
        11⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47367.exe
        12⤵
        
        PID:11932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9532 -s 220
        12⤵
        
        PID:13212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 216
        11⤵
        
        PID:10812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 236
        10⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
        9⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 236
        8⤵
        
        PID:4504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 220
        7⤵
        Program crash
        
        PID:3120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63990.exe
        6⤵
        Executes dropped EXE
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
        7⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20225.exe
        8⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12218.exe
        9⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40330.exe
        10⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56427.exe
        10⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28125.exe
        11⤵
        
        PID:11560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9280 -s 220
        11⤵
        
        PID:12972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 220
        10⤵
        
        PID:10616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 236
        8⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 236
        7⤵
        Program crash
        
        PID:3868
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
        6⤵
        Program crash
        
        PID:900
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
        5⤵
        Program crash
        
        PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21291.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9444.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56590.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30571.exe
        7⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37020.exe
        8⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65171.exe
        9⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33215.exe
        10⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46360.exe
        11⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2385.exe
        12⤵
        
        PID:11820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9180 -s 216
        12⤵
        
        PID:12048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
        11⤵
        
        PID:9776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 236
        10⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
        9⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 236
        8⤵
        Program crash
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5142.exe
        7⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39673.exe
        8⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39681.exe
        9⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41513.exe
        10⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
        11⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51425.exe
        12⤵
        
        PID:12624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9388 -s 216
        12⤵
        
        PID:12572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 236
        11⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
        10⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
        9⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 236
        8⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 240
        7⤵
        Program crash
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21011.exe
        6⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50005.exe
        7⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
        8⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1336.exe
        9⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
        10⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59370.exe
        11⤵
        
        PID:11508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1996.exe
        12⤵
        
        PID:12488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8268 -s 216
        11⤵
        
        PID:11520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
        10⤵
        
        PID:10188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
        9⤵
        
        PID:7560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 236
        8⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 236
        7⤵
        Program crash
        
        PID:3684
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 240
        6⤵
        Program crash
        
        PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1914.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43015.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19855.exe
        7⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59216.exe
        8⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61663.exe
        9⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45898.exe
        10⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64123.exe
        11⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57481.exe
        12⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
        13⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9688 -s 236
        12⤵
        
        PID:13232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 220
        11⤵
        
        PID:10836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 216
        10⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
        9⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 236
        8⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35266.exe
        7⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49219.exe
        8⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34824.exe
        9⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63464.exe
        10⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
        11⤵
        
        PID:11408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8608 -s 216
        11⤵
        
        PID:12940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
        10⤵
        
        PID:10356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 216
        9⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
        8⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
        7⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65526.exe
        6⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34712.exe
        7⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39297.exe
        8⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10895.exe
        9⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
        10⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29687.exe
        11⤵
        
        PID:11312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8232 -s 216
        11⤵
        
        PID:12884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 220
        10⤵
        
        PID:10460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
        9⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
        8⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 216
        7⤵
        
        PID:5028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 220
        6⤵
        Program crash
        
        PID:3128
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
        5⤵
        Program crash
        
        PID:2152
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:444
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:3000
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7181.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7181.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3466.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3466.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46528.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9444.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60674.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57213.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19279.exe
        9⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3492.exe
        10⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2514.exe
        11⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4128.exe
        12⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52909.exe
        13⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58239.exe
        14⤵
        
        PID:12392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 216
        13⤵
        
        PID:11856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
        12⤵
        
        PID:9508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
        11⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 236
        10⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
        9⤵
        Program crash
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11665.exe
        8⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41017.exe
        9⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60267.exe
        10⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5244.exe
        11⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14097.exe
        12⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19127.exe
        13⤵
        
        PID:12784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9052 -s 216
        12⤵
        
        PID:11324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
        11⤵
        
        PID:9908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
        10⤵
        
        PID:7376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 216
        9⤵
        
        PID:5828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
        8⤵
        Program crash
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45516.exe
        7⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14701.exe
        8⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65246.exe
        9⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45711.exe
        10⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14787.exe
        11⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30600.exe
        12⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28125.exe
        13⤵
        
        PID:11548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9200 -s 220
        13⤵
        
        PID:12956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 220
        12⤵
        
        PID:10444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
        11⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 236
        10⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 236
        9⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9200.exe
        8⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55633.exe
        9⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24170.exe
        10⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38384.exe
        11⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23657.exe
        12⤵
        
        PID:12224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8436 -s 216
        12⤵
        
        PID:12776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 216
        11⤵
        
        PID:9748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
        10⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
        9⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 220
        8⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 240
        7⤵
        Program crash
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36724.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36793.exe
        7⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28516.exe
        8⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50747.exe
        9⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12820.exe
        10⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
        11⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44165.exe
        12⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33351.exe
        13⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8412 -s 236
        12⤵
        
        PID:11744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 216
        11⤵
        
        PID:9444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 236
        10⤵
        
        PID:7232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 820 -s 236
        9⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 216
        8⤵
        Program crash
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14379.exe
        7⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57353.exe
        8⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48015.exe
        9⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
        10⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34710.exe
        11⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21841.exe
        12⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9016 -s 216
        11⤵
        
        PID:12272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 236
        10⤵
        
        PID:9880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
        9⤵
        
        PID:7368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 236
        8⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
        7⤵
        Program crash
        
        PID:3328
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 240
        6⤵
        Program crash
        
        PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51032.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13611.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7773.exe
        7⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        8⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19863.exe
        9⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
        10⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23994.exe
        11⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56438.exe
        12⤵
        
        PID:12040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9208 -s 216
        12⤵
        
        PID:12584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 216
        11⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
        10⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
        9⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 236
        8⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 216
        7⤵
        Program crash
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51738.exe
        6⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62257.exe
        7⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32657.exe
        8⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        9⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31887.exe
        10⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10013.exe
        11⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64819.exe
        12⤵
        
        PID:8940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9084 -s 216
        11⤵
        
        PID:11348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
        10⤵
        
        PID:9932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
        9⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 236
        8⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 236
        7⤵
        Program crash
        
        PID:3588
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
        6⤵
        Program crash
        
        PID:1420
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 240
        5⤵
        Program crash
        
        PID:2224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17207.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40171.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13611.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36793.exe
        7⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37753.exe
        8⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10015.exe
        9⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26853.exe
        10⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43184.exe
        11⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57434.exe
        12⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51285.exe
        13⤵
        
        PID:12056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
        14⤵
        
        PID:7620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8624 -s 216
        13⤵
        
        PID:12600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 216
        12⤵
        
        PID:10060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 216
        11⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
        10⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 236
        9⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
        8⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39105.exe
        9⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49167.exe
        10⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58036.exe
        11⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25136.exe
        12⤵
        
        PID:11596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39656.exe
        13⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8628 -s 216
        12⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 216
        11⤵
        
        PID:9644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 236
        10⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
        9⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 240
        8⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26055.exe
        7⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2122.exe
        8⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54237.exe
        9⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64403.exe
        10⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10698.exe
        11⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51716.exe
        12⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8844 -s 216
        11⤵
        
        PID:12112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 216
        10⤵
        
        PID:9800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 236
        9⤵
        
        PID:7332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 236
        8⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 220
        7⤵
        Program crash
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59906.exe
        6⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56803.exe
        7⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9714.exe
        8⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19920.exe
        9⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22411.exe
        10⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
        11⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20907.exe
        12⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8616 -s 236
        11⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
        10⤵
        
        PID:9520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
        9⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 236
        8⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 236
        7⤵
        Program crash
        
        PID:3808
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 220
        6⤵
        Program crash
        
        PID:1236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36724.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14234.exe
        6⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43975.exe
        7⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58915.exe
        8⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
        9⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-345.exe
        10⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46028.exe
        11⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64871.exe
        12⤵
        
        PID:13032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11200 -s 236
        12⤵
        
        PID:7032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 216
        11⤵
        
        PID:12024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
        10⤵
        
        PID:9100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 236
        9⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 236
        8⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 236
        7⤵
        Program crash
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3497.exe
        6⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20213.exe
        7⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44040.exe
        8⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51300.exe
        9⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33475.exe
        10⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51825.exe
        11⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8208 -s 216
        10⤵
        
        PID:11492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 236
        9⤵
        
        PID:9424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
        8⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 216
        7⤵
        
        PID:5612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
        6⤵
        Program crash
        
        PID:3660
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 240
        5⤵
        Program crash
        
        PID:2496
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57389.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57389.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49086.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44530.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34271.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43591.exe
        7⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52226.exe
        8⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21617.exe
        9⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39437.exe
        10⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27694.exe
        11⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29220.exe
        12⤵
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        13⤵
        
        PID:12532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8800 -s 216
        12⤵
        
        PID:11708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 216
        11⤵
        
        PID:10160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
        10⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
        9⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 216
        8⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38582.exe
        7⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31923.exe
        8⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe
        9⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34108.exe
        10⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59754.exe
        11⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9116 -s 216
        11⤵
        
        PID:11652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 216
        10⤵
        
        PID:9756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
        9⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
        8⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
        7⤵
        Program crash
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37923.exe
        6⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54364.exe
        7⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
        8⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48975.exe
        9⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44414.exe
        10⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37196.exe
        11⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28255.exe
        12⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8840 -s 216
        11⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 216
        10⤵
        
        PID:9700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 216
        9⤵
        
        PID:7808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
        8⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 236
        7⤵
        
        PID:4220
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
        6⤵
        Program crash
        
        PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22573.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
        6⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 220
        7⤵
        Program crash
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11940.exe
        6⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9364.exe
        7⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22909.exe
        8⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54336.exe
        9⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11129.exe
        10⤵
        
        PID:11884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8612 -s 220
        10⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 216
        9⤵
        
        PID:10120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
        8⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
        7⤵
        
        PID:5304
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
        6⤵
        Program crash
        
        PID:3728
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 240
        5⤵
        Program crash
        
        PID:1604
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 236
      4⤵
      Program crash
      PID:2972
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1980
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
  2⤵
  - Program crash
  PID:2764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10900.exe

Filesize
184KB

MD5
ee30dba941731362715a2d2dac866a62

SHA1
376e50f2ebef628ad03b1b0e16075bd78bc1157f

SHA256
3bf34593903c9ec9fd3ca7a32c78e2cfcc159c810c1263f054b21fecc3d785ac

SHA512
df3f86e6228b1818827d357e98f9a2263f82e2d7a76ae628f1b8a37e6ba9eea39151ec3c265f1039649319b6043916a93519118fb94332eca93737afb2cdf779

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11440.exe

Filesize
184KB

MD5
82a734f1c24962b5a3c42f453964f5ad

SHA1
ed5d8800ccca82e3b75ac4892db905b93bf182cf

SHA256
d6acfdbb5b0b14987d1fec95b32fe1cb0f2b0978b7e034410a83e5a72af92198

SHA512
6b686d34533c86921520469551465e54a2a4c9e6060479e165635cb48e5590d1edc6a79de9ac0edfd76194592acb16aeaffa5f730b3cf9e4cc1012326c9a1c3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe

Filesize
184KB

MD5
b9ff87208d564c213a82aa37a0eba9b6

SHA1
0a6ff04fc8308d9ba14802284fe3faa0c63df09d

SHA256
987edd1f640dac8fc40ad01bde2e21ae1a4b2b2de338451c197ac03fff84787c

SHA512
59ac8112a24484e442429c0015430674e043ab3bc005acb6c314510a56bfb46368b3f3eeca51c874403ccaf60ede55238061883f15c438fac29969ad84b28ccf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe

Filesize
184KB

MD5
f88b81b04bfd420741e7398aa351fe0c

SHA1
b3d08f82a4ab8839ffd385728f2a959f6eff0390

SHA256
a0ea49f1c6244cb7da6ad8e6f8b41b51d692cccd27069a2f05888256a7bf9972

SHA512
39b726a8b983f8e6cf20e3b09dcd51d7c86a915a2855362ac6181280a4e0b4190e85cd4ddb6cd71d475f02581621b5b1e0ee62b5fdf78d9c2efbc6af56ad20e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41047.exe

Filesize
184KB

MD5
260d204b547968a8892fcb98fe89fe26

SHA1
4115de6a3f214d9672e100d6d52c6ffa6169a73e

SHA256
b488bc74fe985b1ad38f0c7b086a42c626140123c7beb405e4450f908a2824e0

SHA512
ac541b997410d58168d2fc9689c5b249aac43ac2a548804a0b6c248ff7a53bfa44a17190a5acebb35d6d6b16e78ec35dd460b918dacc2288fef3016de779eadc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42444.exe

Filesize
184KB

MD5
c7f66721d47013fab8d701784ec93c8a

SHA1
d5ec86574e931a3ba598534e9f2fc56a9b0e5675

SHA256
50791d4049dfd305db3e0e6c61731e5ad76c6a7b2ffae85c7a6d9c915737ae71

SHA512
82e00f4fbee59689e0e69ff0e29f51117a8e889a962da4a3d15e9dffe5c00e631e0b78b32682ddf9792c93ee9b473b5530eb638816a78acabbdd9a4cc9f0fa63

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57389.exe

Filesize
184KB

MD5
5dddc1b7fac0a988a728dd0e23ca9abe

SHA1
a5b478c92958ac34eb186177e2bff00eb6b10593

SHA256
77c077b7d4e069e3cc5d8acfbee56c8d70d133ccc9aa584b71bddd6283cdde96

SHA512
9f2055755efbfec0099fdb37f05832a324e27ee54b0df43ac607ed9dc03b317ceee5162ef7aaffc5030dd31ecf58ce46aeaf66a63bdf05df99dfe89880351726

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61508.exe

Filesize
184KB

MD5
88e399705913a467f27b28e058c42611

SHA1
7ad918156828d7902999dc21b0fec8af2e82823b

SHA256
c834143c9520242378e8cddd00bde1889ca94c1fd821b6b7f6c58d9c5294ea49

SHA512
2997f4c30f8634d0a4871525a242eefb8d41e284e984becef6285787e66e715707691809e377efe7033f9483ddab120afd4233c18a16e63591300eac2fdb3a82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65.exe

Filesize
184KB

MD5
2fabd032a19e071989ec8c705fb5ce5d

SHA1
5cb01533790bad3c29a4edc997a8fccfb01f97a9

SHA256
d5195d1921a97ad4a103ee5b7c1c460794688512dfd2812c1779de13ff0a1c71

SHA512
ca396a0630bc75bb062b7082f583b9ec7e0d83802c468c9dc52555d08e5c7534741d28e244c01cc5e6f73a8a7342a83466611d494730f3f35c60311d212cabb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6507.exe

Filesize
184KB

MD5
ccc81f218505040f47636d44e69135e1

SHA1
eaffac976f71b5a5bd59e33532948157f752b711

SHA256
085b590cbad0f94d97b4124c596ece58b093d6cb8d9610c8bbc5f99d884c9716

SHA512
07a5533000c9ba64ef01b06c9e1fc639aad4c9753c639d0ad58d2ddfda42b84921fbc29ab11fb4d531f1837d3da4583506736941397cc2b1f77d82332398fb9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7181.exe

Filesize
184KB

MD5
4b795f8ede2f2e2e5f6bb7f0a2de8a07

SHA1
79a7b06f486252104c5469b0cb847f466cbb8095

SHA256
956f8f48d7f50fa66517aefac392ac89518de5ec35cdff1fd9445c1b2c2ef80f

SHA512
58631b8437823fc525bffa1978cef18e2633725f1a4a6785032097c065b047647d4a246275b54c15b73c7f388668ea6ddb7c76345bd3184cb125f7eb99a7d218

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13938.exe

Filesize
184KB

MD5
2af8e8199c1a7c8846bcb4aab45b1655

SHA1
015002242a9a79e2814eb9dc7098b314997a0961

SHA256
492405f2e113dde95eb24b08e2137c1d253b6859069b4e2f4a97af5ec54e0084

SHA512
710c98f64161f3759e82c14b689ad3d7e4b32bcfdcb560abbd43043b4f9097edded6942ba98cda94c6885714c75f747949cc8cfafde701485ba48b6987c4eda1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15802.exe

Filesize
184KB

MD5
221eb0df89193d386939c4f5e71cba75

SHA1
1d155f8d7d75c50894e612a958eccd1aa34b5264

SHA256
c0db2d1c8f727ee9c92376a8025ee5912ab2d326777152e02e26fc9a67c9dd19

SHA512
cef8765d39955f032458ab738a2c1e61d29c8b7a74a22793c0ceb4930a281c25c7e29280def8ab501f0ae8127394622176140e31b34436b0fb955e1406743fd1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26662.exe

Filesize
184KB

MD5
49d649d2832821a2afbab5ecbba133fe

SHA1
1c69f63e61dbab0ba8817a45b8d4b40ffba94e84

SHA256
94faa4a3f22472ac8077c0f15ae257be59246bc2166ec5ba85531c649a3a4bdc

SHA512
8ccdaa8707bd9f69fc774981923075a6f80df1dc5ae532c058445c97d4b43dd02c3e73a1ca2b75581fa78c0be797e428216bf97e6b41dcb059e2564ed7ec9a5c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3466.exe

Filesize
184KB

MD5
8f34062fa99d129499fdd15e542b208d

SHA1
7074c8fa500eb6422590ffb4a63314c5fc723aaa

SHA256
28314434e20ef25cfb408caad8bb339060da77340464f59693358be3135abd40

SHA512
ac7e0812317af3484b099d6425ce82f11a31393366811a74bc86856f49f7976a4c94e2b613d347297f30623244cb888fa72c83f631f8cdc9165c2782dc942ad2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46528.exe

Filesize
184KB

MD5
4eeb07e249026c3c2d4d4a4bc43c7977

SHA1
53b92b368dd97157ce32d13e3f1023840bd33d41

SHA256
234b96920232d3e163550e33c7b9a355780ec8ac2ca0ad073ef2589b1de42d24

SHA512
11e259917108cba3d90399103939e409b58dc2958163e7a0d53079b06200fc79f4fae0a86d4adc528c19e275ecf25b1f18606aba59efb10e79717a253f4267c3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48749.exe

Filesize
184KB

MD5
0e0347357457813fddbb8ea45aa07f28

SHA1
6ba5a3030477d05e13de2e50d6ae768ce972d06c

SHA256
8704a1efb899feffa298cfdb4676cda2412d51a5147de60ffd2043380a52c825

SHA512
3c75639320caf05308047984d6a9db670979c772326682f7193a1b644d6756561d58096af48937db697a6a87115b1c8486181fc443e914d550ea89a302e7ede4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59444.exe

Filesize
184KB

MD5
4f4794e014c4bb5263fcd0bb0e3e4c03

SHA1
240f8174d266b7af84e689d1007673c2f28501f0

SHA256
c39b0960da3d8e5972ea0891c3ac11187d480a09ae3354ae85c25e9b61cf8797

SHA512
52c1146aa410121fe69388e7f371d3bde88cde3404209bd1ff9d6d1c233a4efd94cdbe5d53bdde723b684e5457f3010c9f8684648ac3cc71582f3eec3edb9f5c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61857.exe

Filesize
184KB

MD5
6ccf41834844b0df1fedb688eed467ed

SHA1
59537da638d8dedca1dbef9ea7a411b5fa01b577

SHA256
1f0518a39eb4db648f61ac03b2c399d6f2f57a850f76d5a115c3c7692efeb351

SHA512
bf1650ac1f9a741db83e3e04b6eb15b20a0fedcbd483dc3119b92d6e9b91390d3f7df62b241a8c5b2a1f8a15e3b4a9fdd70c95c7e52f2bfdd0b413a49024996e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63694.exe

Filesize
184KB

MD5
ec5fc38116e25520b3a8d04071dc2755

SHA1
e7b4f34112d0fc9d1e4616d70513bdf82b6ea71f

SHA256
391c5ad1a920fcbe8a894b422b9baa3068f46f6254885e8322e761be0ad0f604

SHA512
25b378023bb82830ee276ab47afadf875441e58acf9306cf75541b9aa39936ac14983bb1a7f0d6ece9299c10e61c1deff48cb76caf90c54540be13d49f511c62

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64919.exe

Filesize
184KB

MD5
0b8698e9e9722b5e56ae0832a27fa6ef

SHA1
dcdec8e7a8810b247694b6af82bc1d2dc4d24d0a

SHA256
18bf0a5c619befc1e5170c9541a28f765ebced1ebcc04fd2333fe82d078566fb

SHA512
28aa6e52bb1afccbbeff4e47d3d93a5bf00d3661722db25674cda481b4e0d4e08097d1dce419be8740e2967caf96451ff708b81ad1b8a0e1ca2135781418ad19

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe

Filesize
184KB

MD5
695b0f6dd6f188b3216444631154d125

SHA1
b2f82f1882625a9a1de4708a9f477f3b6177c83b

SHA256
d5873580fe9cf06b6e03f2ca4cb70aa8b4ca22e3f24ac485d028d68604e716a6

SHA512
8c809cd762187417e88d6df6a910bbe8563caa45c592093d2d03b7989e18718d70a157fd4d592aba3e0ab8f516312452d7fb3086abdb579489e0bb7c02f1eed3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads