bd92805c24d9fd48782736e88a8445d9a0eae97e4659e3d88cffeea9f384a167

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 02:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

196895c374e40360c37fbff1d8ebf780_NeikiAnalytics.exe
Size

184KB
MD5

196895c374e40360c37fbff1d8ebf780
SHA1

93a7d80baf8616396bba5f2bf47e8ed5cd659239
SHA256

bd92805c24d9fd48782736e88a8445d9a0eae97e4659e3d88cffeea9f384a167
SHA512

4db68dbb36624255f080fe917f9bf8c8fbba709fe7ca3fd5ce4f7ea1f26d309642bde7425ac1aba600e3fb6bd11474a3013e8b5b9d54807aac9506de9aee5b0d
SSDEEP

3072:eLaOJco6NJhOjy4eeLY11VVgglnViFMnY:eLeoOky4W1HVgglnViFM

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1932	Unicorn-10619.exe
2740	Unicorn-52280.exe
1180	Unicorn-48751.exe
2648	Unicorn-34455.exe
2688	Unicorn-49914.exe
2652	Unicorn-62721.exe
688	Unicorn-24969.exe
2796	Unicorn-37775.exe
2940	Unicorn-41113.exe
2376	Unicorn-9317.exe
1608	Unicorn-53920.exe
3016	Unicorn-20312.exe
3028	Unicorn-3591.exe
1928	Unicorn-16398.exe
2900	Unicorn-22808.exe
2448	Unicorn-22808.exe
2240	Unicorn-55480.exe
2272	Unicorn-35614.exe
1092	Unicorn-51951.exe
2460	Unicorn-57566.exe
2120	Unicorn-11894.exe
1648	Unicorn-34583.exe
1316	Unicorn-649.exe
1588	Unicorn-649.exe
2236	Unicorn-1526.exe
1232	Unicorn-47198.exe
1080	Unicorn-47198.exe
2092	Unicorn-14333.exe
2004	Unicorn-62465.exe
1596	Unicorn-1334.exe
844	Unicorn-34199.exe
2000	Unicorn-17671.exe
1668	Unicorn-59798.exe
1500	Unicorn-28003.exe
2264	Unicorn-8137.exe
2520	Unicorn-59030.exe
2680	Unicorn-55501.exe
2496	Unicorn-9637.exe
2536	Unicorn-22444.exe
2560	Unicorn-25782.exe
2804	Unicorn-56736.exe
2848	Unicorn-10680.exe
2968	Unicorn-23487.exe
1604	Unicorn-43353.exe
1708	Unicorn-10488.exe
1040	Unicorn-26825.exe
1616	Unicorn-23295.exe
3000	Unicorn-59497.exe
1992	Unicorn-59497.exe
1428	Unicorn-26633.exe
832	Unicorn-23103.exe
480	Unicorn-55045.exe
1472	Unicorn-5844.exe
1260	Unicorn-18651.exe
1124	Unicorn-18651.exe
1044	Unicorn-38325.exe
3064	Unicorn-54277.exe
2036	Unicorn-21413.exe
568	Unicorn-37291.exe
1968	Unicorn-6887.exe
2444	Unicorn-19694.exe
2024	Unicorn-4235.exe
2984	Unicorn-24101.exe
2260	Unicorn-55704.exe

Loads dropped DLL 64 IoCs

pid	Process
3044	196895c374e40360c37fbff1d8ebf780_NeikiAnalytics.exe
3044	196895c374e40360c37fbff1d8ebf780_NeikiAnalytics.exe
1932	Unicorn-10619.exe
3044	196895c374e40360c37fbff1d8ebf780_NeikiAnalytics.exe
1932	Unicorn-10619.exe
3044	196895c374e40360c37fbff1d8ebf780_NeikiAnalytics.exe
1180	Unicorn-48751.exe
2740	Unicorn-52280.exe
1180	Unicorn-48751.exe
2740	Unicorn-52280.exe
1932	Unicorn-10619.exe
1932	Unicorn-10619.exe
2972	WerFault.exe
2972	WerFault.exe
2972	WerFault.exe
2972	WerFault.exe
2972	WerFault.exe
2648	Unicorn-34455.exe
2648	Unicorn-34455.exe
2740	Unicorn-52280.exe
2740	Unicorn-52280.exe
2652	Unicorn-62721.exe
2652	Unicorn-62721.exe
2688	Unicorn-49914.exe
2688	Unicorn-49914.exe
1180	Unicorn-48751.exe
1180	Unicorn-48751.exe
1680	WerFault.exe
1680	WerFault.exe
1680	WerFault.exe
1680	WerFault.exe
1564	WerFault.exe
1564	WerFault.exe
1564	WerFault.exe
1564	WerFault.exe
1564	WerFault.exe
1680	WerFault.exe
2796	Unicorn-37775.exe
2796	Unicorn-37775.exe
688	Unicorn-24969.exe
688	Unicorn-24969.exe
2648	Unicorn-34455.exe
2648	Unicorn-34455.exe
2376	Unicorn-9317.exe
1608	Unicorn-53920.exe
1608	Unicorn-53920.exe
2376	Unicorn-9317.exe
2688	Unicorn-49914.exe
2688	Unicorn-49914.exe
2940	Unicorn-41113.exe
2940	Unicorn-41113.exe
2652	Unicorn-62721.exe
2652	Unicorn-62721.exe
840	WerFault.exe
840	WerFault.exe
840	WerFault.exe
840	WerFault.exe
840	WerFault.exe
1748	WerFault.exe
1748	WerFault.exe
1748	WerFault.exe
1748	WerFault.exe
1748	WerFault.exe
900	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2780	3044	WerFault.exe	27
2972	1932	WerFault.exe	28
1680	1180	WerFault.exe	30
1564	2740	WerFault.exe	29
840	2648	WerFault.exe	33
1748	2652	WerFault.exe	34
900	2688	WerFault.exe	32
2016	2796	WerFault.exe	37
1572	688	WerFault.exe	36
2388	1608	WerFault.exe	40
1600	2376	WerFault.exe	39
2712	2940	WerFault.exe	38
2892	3016	WerFault.exe	43
2100	1928	WerFault.exe	45
1796	2448	WerFault.exe	46
1840	3028	WerFault.exe	44
1692	2240	WerFault.exe	49
1960	2900	WerFault.exe	47
292	2272	WerFault.exe	48
1256	1092	WerFault.exe	50
1940	2120	WerFault.exe	55
1568	2460	WerFault.exe	54
2124	1648	WerFault.exe	56
2716	1316	WerFault.exe	57
2976	1588	WerFault.exe	58
1272	2000	WerFault.exe	66
828	1232	WerFault.exe	60
2432	2236	WerFault.exe	59
1244	1080	WerFault.exe	61
1100	2092	WerFault.exe	63
632	2004	WerFault.exe	64
1348	844	WerFault.exe	62
888	2452	WerFault.exe	115
3084	1668	WerFault.exe	69
3092	1500	WerFault.exe	73
3116	2264	WerFault.exe	72
3156	2520	WerFault.exe	75
3172	2496	WerFault.exe	77
3260	2804	WerFault.exe	80
3336	2968	WerFault.exe	82
3352	832	WerFault.exe	90
3360	1428	WerFault.exe	89
3384	1604	WerFault.exe	83
3392	1708	WerFault.exe	85
3444	1616	WerFault.exe	86
3488	1040	WerFault.exe	84
3484	2536	WerFault.exe	78
3684	3000	WerFault.exe	87
3780	2848	WerFault.exe	81
3920	2560	WerFault.exe	79
3916	2680	WerFault.exe	76
3964	1992	WerFault.exe	88
3984	2228	WerFault.exe	122
4060	2504	WerFault.exe	123
4084	2792	WerFault.exe	113
3248	2772	WerFault.exe	112
3344	2260	WerFault.exe	111
3080	3064	WerFault.exe	104
3432	480	WerFault.exe	93
3564	2980	WerFault.exe	117
3696	624	WerFault.exe	121
3788	2444	WerFault.exe	108
3948	2180	WerFault.exe	132
3196	2768	WerFault.exe	133

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3044	196895c374e40360c37fbff1d8ebf780_NeikiAnalytics.exe
1932	Unicorn-10619.exe
1180	Unicorn-48751.exe
2740	Unicorn-52280.exe
2648	Unicorn-34455.exe
2652	Unicorn-62721.exe
2688	Unicorn-49914.exe
688	Unicorn-24969.exe
2796	Unicorn-37775.exe
2940	Unicorn-41113.exe
2376	Unicorn-9317.exe
1608	Unicorn-53920.exe
3016	Unicorn-20312.exe
1928	Unicorn-16398.exe
3028	Unicorn-3591.exe
2900	Unicorn-22808.exe
2448	Unicorn-22808.exe
2240	Unicorn-55480.exe
2272	Unicorn-35614.exe
1092	Unicorn-51951.exe
2120	Unicorn-11894.exe
2460	Unicorn-57566.exe
1648	Unicorn-34583.exe
1316	Unicorn-649.exe
1588	Unicorn-649.exe
2004	Unicorn-62465.exe
1080	Unicorn-47198.exe
1232	Unicorn-47198.exe
844	Unicorn-34199.exe
2092	Unicorn-14333.exe
2236	Unicorn-1526.exe
2000	Unicorn-17671.exe
1668	Unicorn-59798.exe
2264	Unicorn-8137.exe
1500	Unicorn-28003.exe
2520	Unicorn-59030.exe
2680	Unicorn-55501.exe
2496	Unicorn-9637.exe
2536	Unicorn-22444.exe
2560	Unicorn-25782.exe
2804	Unicorn-56736.exe
2848	Unicorn-10680.exe
2968	Unicorn-23487.exe
1708	Unicorn-10488.exe
1604	Unicorn-43353.exe
1040	Unicorn-26825.exe
1616	Unicorn-23295.exe
3000	Unicorn-59497.exe
1992	Unicorn-59497.exe
1428	Unicorn-26633.exe
832	Unicorn-23103.exe
480	Unicorn-55045.exe
1472	Unicorn-5844.exe
1260	Unicorn-18651.exe
1124	Unicorn-18651.exe
1044	Unicorn-38325.exe
3064	Unicorn-54277.exe
2036	Unicorn-21413.exe
568	Unicorn-37291.exe
1968	Unicorn-6887.exe
2444	Unicorn-19694.exe
2024	Unicorn-4235.exe
2984	Unicorn-24101.exe
2260	Unicorn-55704.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 1932	3044	196895c374e40360c37fbff1d8ebf780_NeikiAnalytics.exe	28
PID 3044 wrote to memory of 1932	3044	196895c374e40360c37fbff1d8ebf780_NeikiAnalytics.exe	28
PID 3044 wrote to memory of 1932	3044	196895c374e40360c37fbff1d8ebf780_NeikiAnalytics.exe	28
PID 3044 wrote to memory of 1932	3044	196895c374e40360c37fbff1d8ebf780_NeikiAnalytics.exe	28
PID 1932 wrote to memory of 2740	1932	Unicorn-10619.exe	29
PID 1932 wrote to memory of 2740	1932	Unicorn-10619.exe	29
PID 1932 wrote to memory of 2740	1932	Unicorn-10619.exe	29
PID 1932 wrote to memory of 2740	1932	Unicorn-10619.exe	29
PID 3044 wrote to memory of 1180	3044	196895c374e40360c37fbff1d8ebf780_NeikiAnalytics.exe	30
PID 3044 wrote to memory of 1180	3044	196895c374e40360c37fbff1d8ebf780_NeikiAnalytics.exe	30
PID 3044 wrote to memory of 1180	3044	196895c374e40360c37fbff1d8ebf780_NeikiAnalytics.exe	30
PID 3044 wrote to memory of 1180	3044	196895c374e40360c37fbff1d8ebf780_NeikiAnalytics.exe	30
PID 3044 wrote to memory of 2780	3044	196895c374e40360c37fbff1d8ebf780_NeikiAnalytics.exe	31
PID 3044 wrote to memory of 2780	3044	196895c374e40360c37fbff1d8ebf780_NeikiAnalytics.exe	31
PID 3044 wrote to memory of 2780	3044	196895c374e40360c37fbff1d8ebf780_NeikiAnalytics.exe	31
PID 3044 wrote to memory of 2780	3044	196895c374e40360c37fbff1d8ebf780_NeikiAnalytics.exe	31
PID 1180 wrote to memory of 2688	1180	Unicorn-48751.exe	32
PID 1180 wrote to memory of 2688	1180	Unicorn-48751.exe	32
PID 1180 wrote to memory of 2688	1180	Unicorn-48751.exe	32
PID 1180 wrote to memory of 2688	1180	Unicorn-48751.exe	32
PID 2740 wrote to memory of 2648	2740	Unicorn-52280.exe	33
PID 2740 wrote to memory of 2648	2740	Unicorn-52280.exe	33
PID 2740 wrote to memory of 2648	2740	Unicorn-52280.exe	33
PID 2740 wrote to memory of 2648	2740	Unicorn-52280.exe	33
PID 1932 wrote to memory of 2652	1932	Unicorn-10619.exe	34
PID 1932 wrote to memory of 2652	1932	Unicorn-10619.exe	34
PID 1932 wrote to memory of 2652	1932	Unicorn-10619.exe	34
PID 1932 wrote to memory of 2652	1932	Unicorn-10619.exe	34
PID 1932 wrote to memory of 2972	1932	Unicorn-10619.exe	35
PID 1932 wrote to memory of 2972	1932	Unicorn-10619.exe	35
PID 1932 wrote to memory of 2972	1932	Unicorn-10619.exe	35
PID 1932 wrote to memory of 2972	1932	Unicorn-10619.exe	35
PID 2648 wrote to memory of 688	2648	Unicorn-34455.exe	36
PID 2648 wrote to memory of 688	2648	Unicorn-34455.exe	36
PID 2648 wrote to memory of 688	2648	Unicorn-34455.exe	36
PID 2648 wrote to memory of 688	2648	Unicorn-34455.exe	36
PID 2740 wrote to memory of 2796	2740	Unicorn-52280.exe	37
PID 2740 wrote to memory of 2796	2740	Unicorn-52280.exe	37
PID 2740 wrote to memory of 2796	2740	Unicorn-52280.exe	37
PID 2740 wrote to memory of 2796	2740	Unicorn-52280.exe	37
PID 2652 wrote to memory of 2940	2652	Unicorn-62721.exe	38
PID 2652 wrote to memory of 2940	2652	Unicorn-62721.exe	38
PID 2652 wrote to memory of 2940	2652	Unicorn-62721.exe	38
PID 2652 wrote to memory of 2940	2652	Unicorn-62721.exe	38
PID 2688 wrote to memory of 2376	2688	Unicorn-49914.exe	39
PID 2688 wrote to memory of 2376	2688	Unicorn-49914.exe	39
PID 2688 wrote to memory of 2376	2688	Unicorn-49914.exe	39
PID 2688 wrote to memory of 2376	2688	Unicorn-49914.exe	39
PID 1180 wrote to memory of 1608	1180	Unicorn-48751.exe	40
PID 1180 wrote to memory of 1608	1180	Unicorn-48751.exe	40
PID 1180 wrote to memory of 1608	1180	Unicorn-48751.exe	40
PID 1180 wrote to memory of 1608	1180	Unicorn-48751.exe	40
PID 1180 wrote to memory of 1680	1180	Unicorn-48751.exe	41
PID 1180 wrote to memory of 1680	1180	Unicorn-48751.exe	41
PID 1180 wrote to memory of 1680	1180	Unicorn-48751.exe	41
PID 1180 wrote to memory of 1680	1180	Unicorn-48751.exe	41
PID 2740 wrote to memory of 1564	2740	Unicorn-52280.exe	42
PID 2740 wrote to memory of 1564	2740	Unicorn-52280.exe	42
PID 2740 wrote to memory of 1564	2740	Unicorn-52280.exe	42
PID 2740 wrote to memory of 1564	2740	Unicorn-52280.exe	42
PID 2796 wrote to memory of 3016	2796	Unicorn-37775.exe	43
PID 2796 wrote to memory of 3016	2796	Unicorn-37775.exe	43
PID 2796 wrote to memory of 3016	2796	Unicorn-37775.exe	43
PID 2796 wrote to memory of 3016	2796	Unicorn-37775.exe	43

C:\Users\Admin\AppData\Local\Temp\196895c374e40360c37fbff1d8ebf780_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\196895c374e40360c37fbff1d8ebf780_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10619.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10619.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52280.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52280.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34455.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24969.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3591.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-649.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6887.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37949.exe
        10⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24613.exe
        11⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe
        12⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
        13⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25251.exe
        14⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23702.exe
        15⤵
        
        PID:12912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11080 -s 220
        15⤵
        
        PID:12516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7988 -s 216
        14⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 216
        13⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
        12⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 216
        11⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3979.exe
        10⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-781.exe
        11⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38315.exe
        12⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58115.exe
        13⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28793.exe
        14⤵
        
        PID:13028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11068 -s 216
        14⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 216
        12⤵
        
        PID:8332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
        11⤵
        
        PID:6240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 240
        10⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1555.exe
        9⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15812.exe
        10⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30870.exe
        11⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12207.exe
        12⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54094.exe
        13⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2086.exe
        14⤵
        
        PID:12960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8512 -s 236
        13⤵
        
        PID:11428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
        12⤵
        
        PID:9588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 216
        11⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 216
        10⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
        9⤵
        Program crash
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19694.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23149.exe
        9⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10554.exe
        10⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23802.exe
        11⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61143.exe
        12⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62210.exe
        13⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27416.exe
        14⤵
        
        PID:12428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 236
        13⤵
        
        PID:12004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
        12⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
        11⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 216
        10⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 236
        9⤵
        Program crash
        
        PID:3788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
        8⤵
        Program crash
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56736.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4700.exe
        9⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63201.exe
        10⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37891.exe
        11⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3987.exe
        12⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46808.exe
        13⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13082.exe
        14⤵
        
        PID:12588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 216
        13⤵
        
        PID:12084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        11⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 216
        10⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 216
        9⤵
        Program crash
        
        PID:3344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 236
        8⤵
        Program crash
        
        PID:3260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 220
        7⤵
        Program crash
        
        PID:1840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26825.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55787.exe
        8⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28405.exe
        9⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46009.exe
        10⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62686.exe
        11⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53015.exe
        12⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-641.exe
        13⤵
        
        PID:11972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8520 -s 236
        13⤵
        
        PID:12492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 216
        12⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 216
        11⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
        10⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 236
        9⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-595.exe
        8⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50082.exe
        9⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42779.exe
        10⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17708.exe
        11⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62178.exe
        12⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27952.exe
        13⤵
        
        PID:12616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10616 -s 216
        13⤵
        
        PID:13244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 216
        12⤵
        
        PID:10972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
        11⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
        10⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
        9⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 240
        8⤵
        Program crash
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35921.exe
        7⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
        8⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32127.exe
        9⤵
        
        PID:4064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 240
        10⤵
        
        PID:4444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 236
        9⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46662.exe
        8⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1598.exe
        9⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24301.exe
        10⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19404.exe
        11⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14585.exe
        12⤵
        
        PID:11848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9740 -s 236
        12⤵
        
        PID:12724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 216
        11⤵
        
        PID:10560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
        10⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 236
        9⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
        8⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 240
        7⤵
        Program crash
        
        PID:1244
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 240
        6⤵
        Program crash
        
        PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16398.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59030.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21413.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35837.exe
        9⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17436.exe
        10⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53741.exe
        11⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55644.exe
        12⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35311.exe
        13⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21396.exe
        14⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48812.exe
        15⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8968 -s 236
        14⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 216
        13⤵
        
        PID:9908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 216
        12⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 236
        11⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 236
        10⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13714.exe
        9⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
        10⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5265.exe
        11⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40485.exe
        12⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        13⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9152 -s 216
        13⤵
        
        PID:11584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 216
        12⤵
        
        PID:10044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
        11⤵
        
        PID:8144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        10⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
        9⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16848.exe
        8⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34706.exe
        9⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20021.exe
        10⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62001.exe
        11⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3212.exe
        12⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51892.exe
        13⤵
        
        PID:12148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8708 -s 236
        13⤵
        
        PID:12540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 236
        12⤵
        
        PID:10244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 216
        11⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
        10⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 372 -s 236
        9⤵
        
        PID:4504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
        8⤵
        Program crash
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4316.exe
        8⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2993.exe
        9⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41217.exe
        10⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20827.exe
        11⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56029.exe
        12⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21782.exe
        13⤵
        
        PID:12856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10912 -s 216
        13⤵
        
        PID:12384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
        12⤵
        
        PID:11272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 236
        11⤵
        
        PID:8824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
        10⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 216
        9⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30875.exe
        8⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43521.exe
        9⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23240.exe
        10⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58115.exe
        11⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12456.exe
        12⤵
        
        PID:12984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 216
        11⤵
        
        PID:11420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
        10⤵
        
        PID:9204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
        9⤵
        
        PID:6764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 220
        8⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
        7⤵
        Program crash
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55501.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54277.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36496.exe
        8⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32148.exe
        9⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33174.exe
        10⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11439.exe
        11⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53710.exe
        12⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
        13⤵
        
        PID:13056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8596 -s 216
        12⤵
        
        PID:11628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
        11⤵
        
        PID:9568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
        10⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 656 -s 216
        9⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 216
        8⤵
        Program crash
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-979.exe
        7⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14550.exe
        8⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29417.exe
        9⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28160.exe
        10⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51297.exe
        11⤵
        
        PID:11100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15137.exe
        12⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8544 -s 216
        11⤵
        
        PID:11380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 216
        10⤵
        
        PID:9596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 236
        9⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 216
        8⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
        7⤵
        Program crash
        
        PID:3916
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
        6⤵
        Program crash
        
        PID:2100
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37775.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20312.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11894.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59798.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55045.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62772.exe
        9⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60995.exe
        10⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36938.exe
        11⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37196.exe
        12⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        13⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54644.exe
        14⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19373.exe
        15⤵
        
        PID:8432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8880 -s 216
        14⤵
        
        PID:11900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6448 -s 216
        13⤵
        
        PID:9996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 236
        12⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 236
        11⤵
        
        PID:5916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 236
        10⤵
        Program crash
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24409.exe
        9⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        10⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31996.exe
        11⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19302.exe
        12⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2646.exe
        13⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34474.exe
        14⤵
        
        PID:13180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8764 -s 216
        13⤵
        
        PID:924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 216
        12⤵
        
        PID:9820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
        11⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 236
        10⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 480 -s 240
        9⤵
        Program crash
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59243.exe
        8⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10917.exe
        9⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21370.exe
        10⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64284.exe
        11⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
        12⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19559.exe
        13⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29601.exe
        14⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8732 -s 216
        13⤵
        
        PID:940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 216
        12⤵
        
        PID:9676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 236
        11⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
        10⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 216
        9⤵
        Program crash
        
        PID:3196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
        8⤵
        Program crash
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18651.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
        8⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
        9⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61795.exe
        10⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26475.exe
        11⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24123.exe
        12⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32940.exe
        13⤵
        
        PID:11496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8780 -s 236
        13⤵
        
        PID:11812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 216
        12⤵
        
        PID:10156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
        11⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
        10⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 216
        9⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
        8⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49849.exe
        9⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25728.exe
        10⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28979.exe
        11⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24363.exe
        12⤵
        
        PID:12416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10316 -s 236
        12⤵
        
        PID:13132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 216
        11⤵
        
        PID:11216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
        10⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 236
        9⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 240
        8⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
        7⤵
        Program crash
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8137.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37098.exe
        8⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12344.exe
        9⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
        10⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
        11⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12081.exe
        12⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46490.exe
        13⤵
        
        PID:12044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9948 -s 216
        13⤵
        
        PID:12740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
        10⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 236
        9⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25151.exe
        8⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
        9⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36459.exe
        10⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14631.exe
        11⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58342.exe
        12⤵
        
        PID:11696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8996 -s 216
        12⤵
        
        PID:12324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 216
        11⤵
        
        PID:10224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
        10⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 236
        9⤵
        
        PID:5660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 240
        8⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-704.exe
        7⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51561.exe
        8⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11032.exe
        9⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12992.exe
        10⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-573.exe
        11⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45099.exe
        12⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 216
        11⤵
        
        PID:10172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 216
        10⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
        9⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 236
        8⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
        7⤵
        Program crash
        
        PID:3116
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
        6⤵
        Program crash
        
        PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57566.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28003.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5844.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29716.exe
        8⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        9⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37405.exe
        10⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3236.exe
        11⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33583.exe
        12⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38500.exe
        13⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
        14⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8844 -s 216
        13⤵
        
        PID:11888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 216
        12⤵
        
        PID:9960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
        11⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 236
        9⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23807.exe
        8⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40368.exe
        9⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
        10⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56411.exe
        11⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43731.exe
        12⤵
        
        PID:10596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8448 -s 216
        12⤵
        
        PID:11952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 216
        11⤵
        
        PID:10072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
        10⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
        9⤵
        
        PID:5684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 240
        8⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60478.exe
        7⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59817.exe
        8⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5116.exe
        9⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3812.exe
        10⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16479.exe
        11⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26727.exe
        11⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41622.exe
        12⤵
        
        PID:11740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9128 -s 236
        12⤵
        
        PID:12332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 240
        11⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 236
        10⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
        9⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 236
        8⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
        7⤵
        Program crash
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18651.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31335.exe
        7⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10808.exe
        8⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39408.exe
        9⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
        10⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57371.exe
        11⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42963.exe
        12⤵
        
        PID:11288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8696 -s 236
        12⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 216
        11⤵
        
        PID:10132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 216
        10⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        9⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 236
        8⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
        7⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
        8⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40818.exe
        9⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40485.exe
        10⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10617.exe
        11⤵
        
        PID:11108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9164 -s 236
        11⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 220
        10⤵
        
        PID:10036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 216
        9⤵
        
        PID:8160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
        8⤵
        
        PID:5752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 240
        7⤵
        
        PID:4212
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
        6⤵
        Program crash
        
        PID:1568
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
        5⤵
        Program crash
        
        PID:2016
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62721.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62721.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41113.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55480.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1526.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10488.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23307.exe
        8⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38800.exe
        9⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33191.exe
        10⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15686.exe
        11⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60448.exe
        12⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe
        13⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57120.exe
        14⤵
        
        PID:8044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8624 -s 216
        13⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6160 -s 216
        12⤵
        
        PID:9580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 216
        11⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 216
        10⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 216
        9⤵
        Program crash
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35078.exe
        8⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50741.exe
        9⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59665.exe
        10⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38507.exe
        11⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        12⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28793.exe
        13⤵
        
        PID:13036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11144 -s 216
        13⤵
        
        PID:12548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8056 -s 220
        12⤵
        
        PID:11464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 216
        11⤵
        
        PID:9212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
        10⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 236
        9⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
        8⤵
        Program crash
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53519.exe
        7⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20186.exe
        8⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40949.exe
        9⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10272.exe
        10⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38642.exe
        11⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8115.exe
        12⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52207.exe
        13⤵
        
        PID:12836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10868 -s 216
        13⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 236
        12⤵
        
        PID:11224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 236
        11⤵
        
        PID:8648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
        10⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 216
        9⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35390.exe
        8⤵
        
        PID:3848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 240
        8⤵
        Program crash
        
        PID:3984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
        7⤵
        Program crash
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23295.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6778.exe
        7⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14757.exe
        8⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46092.exe
        9⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50071.exe
        10⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11842.exe
        11⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38929.exe
        12⤵
        
        PID:11448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9412 -s 236
        12⤵
        
        PID:12644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 236
        11⤵
        
        PID:10404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 216
        10⤵
        
        PID:8316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
        9⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 236
        8⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35078.exe
        7⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18069.exe
        8⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43329.exe
        9⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59202.exe
        10⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10393.exe
        11⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13883.exe
        12⤵
        
        PID:13096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10948 -s 216
        12⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
        11⤵
        
        PID:11344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 236
        10⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
        9⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 216
        8⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
        7⤵
        Program crash
        
        PID:3444
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
        6⤵
        Program crash
        
        PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59497.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        7⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
        8⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43430.exe
        9⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        10⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47880.exe
        11⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36230.exe
        12⤵
        
        PID:11556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8888 -s 216
        12⤵
        
        PID:12116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 216
        11⤵
        
        PID:10164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
        10⤵
        
        PID:8008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 236
        9⤵
        
        PID:6188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 216
        8⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        7⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46865.exe
        8⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38275.exe
        9⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4563.exe
        10⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13450.exe
        11⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48386.exe
        12⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 216
        11⤵
        
        PID:12076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 216
        10⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
        9⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 216
        8⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
        7⤵
        Program crash
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
        6⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36112.exe
        7⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16663.exe
        8⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32598.exe
        9⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
        10⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe
        11⤵
        
        PID:11372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8724 -s 216
        11⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 216
        10⤵
        
        PID:9684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
        9⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 236
        8⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 216
        7⤵
        Program crash
        
        PID:3564
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
        6⤵
        Program crash
        
        PID:1100
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
        5⤵
        Program crash
        
        PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51951.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1334.exe
        5⤵
        Executes dropped EXE
        
        PID:1596
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 236
        5⤵
        Program crash
        
        PID:1256
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1748
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2972
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48751.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48751.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49914.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49914.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9317.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22808.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-649.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9637.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12538.exe
        8⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27145.exe
        9⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40752.exe
        10⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56962.exe
        11⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41580.exe
        12⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34935.exe
        13⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1609.exe
        14⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9060 -s 216
        13⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 216
        12⤵
        
        PID:10012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
        11⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
        10⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 236
        9⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 236
        8⤵
        Program crash
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4235.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe
        8⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12210.exe
        9⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21410.exe
        10⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14724.exe
        11⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21752.exe
        12⤵
        
        PID:11876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8808 -s 216
        12⤵
        
        PID:12440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6816 -s 216
        11⤵
        
        PID:9944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
        10⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
        9⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 216
        8⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 240
        7⤵
        Program crash
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22444.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24101.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19584.exe
        8⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16341.exe
        9⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43848.exe
        10⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63753.exe
        11⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8921.exe
        12⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60242.exe
        13⤵
        
        PID:12388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10272 -s 216
        13⤵
        
        PID:13140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 216
        12⤵
        
        PID:11208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 236
        11⤵
        
        PID:8816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
        10⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 216
        9⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49433.exe
        8⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42779.exe
        9⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34044.exe
        10⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42962.exe
        11⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38320.exe
        12⤵
        
        PID:12568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10580 -s 216
        12⤵
        
        PID:13228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 216
        11⤵
        
        PID:11004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
        10⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
        9⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
        8⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe
        7⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7648.exe
        8⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54253.exe
        9⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34823.exe
        10⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60923.exe
        11⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60171.exe
        12⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7220 -s 216
        11⤵
        
        PID:12020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 216
        10⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 236
        9⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 236
        8⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
        7⤵
        Program crash
        
        PID:3484
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
        6⤵
        Program crash
        
        PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43353.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56171.exe
        7⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        8⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12869.exe
        9⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43112.exe
        10⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31352.exe
        11⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
        12⤵
        
        PID:11612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8928 -s 216
        12⤵
        
        PID:11492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 216
        11⤵
        
        PID:10200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
        10⤵
        
        PID:7916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 236
        9⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 216
        8⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-979.exe
        7⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17877.exe
        8⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        9⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59202.exe
        10⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10393.exe
        11⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52207.exe
        12⤵
        
        PID:12828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10940 -s 216
        12⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 216
        11⤵
        
        PID:11336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
        10⤵
        
        PID:8852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
        9⤵
        
        PID:6780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 216
        8⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
        7⤵
        Program crash
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3441.exe
        6⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14181.exe
        7⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62620.exe
        8⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33735.exe
        9⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
        10⤵
        
        PID:9464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8560.exe
        11⤵
        
        PID:11592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9464 -s 216
        11⤵
        
        PID:12676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 216
        10⤵
        
        PID:10456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 216
        9⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
        8⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
        7⤵
        
        PID:4112
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 240
        6⤵
        Program crash
        
        PID:828
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
        5⤵
        Program crash
        
        PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35614.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17671.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10680.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55320.exe
        7⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20352.exe
        8⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16580.exe
        9⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61129.exe
        10⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12591.exe
        11⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51406.exe
        12⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37966.exe
        13⤵
        
        PID:12920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8476 -s 216
        12⤵
        
        PID:11548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
        11⤵
        
        PID:9560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 216
        10⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 236
        9⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 236
        8⤵
        Program crash
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1363.exe
        7⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63009.exe
        8⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8041.exe
        9⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
        10⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13450.exe
        11⤵
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29227.exe
        12⤵
        
        PID:12632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 216
        11⤵
        
        PID:12068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
        10⤵
        
        PID:8264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 236
        9⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 236
        8⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
        7⤵
        Program crash
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2206.exe
        6⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38141.exe
        7⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14083.exe
        8⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32048.exe
        9⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
        10⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
        11⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54437.exe
        12⤵
        
        PID:12776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8408 -s 236
        11⤵
        
        PID:11368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 236
        10⤵
        
        PID:9504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 236
        9⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 236
        8⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
        7⤵
        Program crash
        
        PID:4084
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
        6⤵
        Program crash
        
        PID:1272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23487.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56555.exe
        6⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38224.exe
        7⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exe
        8⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38109.exe
        9⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51159.exe
        10⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47410.exe
        11⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43835.exe
        12⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 236
        11⤵
        
        PID:12028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 216
        10⤵
        
        PID:8832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 236
        9⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 216
        8⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-232.exe
        7⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42696.exe
        8⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55772.exe
        9⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50798.exe
        10⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33100.exe
        11⤵
        
        PID:12760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10792 -s 216
        11⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 216
        10⤵
        
        PID:11140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
        9⤵
        
        PID:8420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18358.exe
        6⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34322.exe
        7⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57579.exe
        8⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6978.exe
        9⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1085.exe
        10⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52925.exe
        11⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10236 -s 236
        11⤵
        
        PID:12880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 216
        10⤵
        
        PID:10900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
        9⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
        7⤵
        
        PID:4724
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
        6⤵
        Program crash
        
        PID:3336
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
        5⤵
        Program crash
        
        PID:292
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53920.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53920.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22808.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34199.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26633.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48753.exe
        7⤵
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
        8⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24224.exe
        9⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
        10⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5316.exe
        11⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42605.exe
        12⤵
        
        PID:10632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9096 -s 216
        12⤵
        
        PID:12168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 216
        11⤵
        
        PID:10028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
        10⤵
        
        PID:8120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
        9⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 284 -s 236
        8⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 216
        7⤵
        Program crash
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
        6⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5359.exe
        7⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24805.exe
        8⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        9⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55419.exe
        10⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58634.exe
        11⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30054.exe
        12⤵
        
        PID:12968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11028 -s 216
        12⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 216
        11⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
        10⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
        9⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 236
        8⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37227.exe
        7⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9888.exe
        8⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58818.exe
        9⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9625.exe
        10⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23510.exe
        11⤵
        
        PID:12940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10992 -s 216
        11⤵
        
        PID:12508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 216
        10⤵
        
        PID:11328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 216
        9⤵
        
        PID:9068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
        8⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 240
        7⤵
        
        PID:4616
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 240
        6⤵
        Program crash
        
        PID:1348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23103.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7162.exe
        6⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
        7⤵
        Program crash
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34886.exe
        6⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17794.exe
        7⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40667.exe
        8⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40242.exe
        9⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40978.exe
        10⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11001.exe
        11⤵
        
        PID:1356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8180 -s 216
        11⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 216
        10⤵
        
        PID:10056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 216
        9⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
        8⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 236
        7⤵
        
        PID:4856
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 220
        6⤵
        Program crash
        
        PID:3352
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
        5⤵
        Program crash
        
        PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62465.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59497.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7847.exe
        6⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        7⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12568.exe
        8⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48535.exe
        9⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37037.exe
        10⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55374.exe
        11⤵
        
        PID:12260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9244 -s 236
        11⤵
        
        PID:12556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 216
        10⤵
        
        PID:10304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 236
        9⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
        8⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 236
        7⤵
        
        PID:5020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        6⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33383.exe
        7⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45727.exe
        8⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59161.exe
        9⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19886.exe
        10⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2517.exe
        11⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8680 -s 216
        10⤵
        
        PID:11724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
        9⤵
        
        PID:9604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
        8⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 236
        7⤵
        
        PID:5316
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
        6⤵
        Program crash
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52450.exe
        5⤵
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5468.exe
        6⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46673.exe
        7⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57434.exe
        8⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4179.exe
        9⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13943.exe
        10⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2278.exe
        11⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 236
        10⤵
        
        PID:12092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
        9⤵
        
        PID:9288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        8⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 216
        7⤵
        
        PID:5984
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 236
        6⤵
        Program crash
        
        PID:4060
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
        5⤵
        Program crash
        
        PID:632
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
      4⤵
      Program crash
      PID:2388
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1680
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
  2⤵
  - Program crash
  PID:2780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe

Filesize
184KB

MD5
b8398864154ce5d5b437168e4e83291b

SHA1
656e2fd1989bd3ec13b8f3b1c0f1ef762c75fb38

SHA256
c4bd598937d083533e8f7aef7ac7a445a886a6d73f311802082946dc00730461

SHA512
b7447cb1b2cc51de95363566a60ef02486b0e8d68d46257a1b15d0e37136846ac62a031002952279802946b4e96611d14ad517f75dafced84c97fe687e619c70

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe

Filesize
184KB

MD5
88a5a789d0b24cc2614314727a9738e1

SHA1
ff85f896a6f786961d5a02706d420141990ec34a

SHA256
0b9e075575f0e3f812a7296228c2ad6f8441a536df6a9ae13b80e812b048458c

SHA512
d4bf7086e5834104af490958cee8ada46887574b39477775aef0147b83ba0dea028d8480f0657c1e6db42e5348be321e6aa9d9a658d635e74c065747a15dd5fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe

Filesize
184KB

MD5
408c3c321e7b7083710aaf84185ac63a

SHA1
114a285a8c2514da08e0296cc75845f69273bda0

SHA256
9ecbfd8f336403c6460681d4ee31dd93a7706a1987e0f00f2681e02348e81012

SHA512
a8e4e7ed84729e5310c932aa10d357d8a98500a64bd8ded2f3e2cfc58f052ed1bfdfd5fa4ef5561b6dcd1362c3b8cef99bd88809da1600a7c3ade2f3f201a6cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41113.exe

Filesize
184KB

MD5
aee447e3a4083b981f39d727f2b4ce53

SHA1
061bdb29b1b2b7693bda14c2578684aeb0323c96

SHA256
37e149232cb0249d78a96df937e4b3eb5465db89856fdf5e7347c79efd3512ca

SHA512
f0df9b5ab8896ff036305071c1195bb5261806cb6a2062db101178871f10ea3d5f5592710e4a28075a719624d3ea1734e32d4b192909d07b78b236ced94a3f58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53741.exe

Filesize
184KB

MD5
6af476d7c4cd1dc5dd77a54fc417d926

SHA1
eb0127885db41c849c15d6c22553812206146c97

SHA256
9a5b76e0973fb64a8fa6c09b349368f6b82960581a4fb16997d94f274880d6cf

SHA512
fabff79388342c0fe94976e952f4b5027b59d6db899556179033307cd7be3874a9c8d0774d4c9f115132c4fa87c7c7f163f2fafc83ad2bc5b51d27ea0b116a94

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5468.exe

Filesize
184KB

MD5
e53a9bd7fe47dbae39311c3281f758ef

SHA1
5b57aabad2a9a26d03fe209ec4f5f4462a3a85b7

SHA256
038535fbf9d077d7b3ea5a417793eaa0a335421b229812b13469903ba546f4f9

SHA512
799242f054bb8de9178b48a92ea883c6cdca9f156f21980cf7d242b9889acb35f34c852bbc1e25d98784642e8bfb9b41234292f34c829007a3058a4f1858cca1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5844.exe

Filesize
184KB

MD5
eac3dc8b28a2d85f429e8bffd1ea0b8e

SHA1
2c1daeee59a54efd734978fe6cbf080ff55e5dad

SHA256
5c6d5286db913ffb1d3b22f703224c68e3145d8c4e62a7f4a22814ee6240e42b

SHA512
abd6cc882bccaeef8aafd4e43ee879f89f42249d2cc442b99386f097a5ddf10d50a0407e8192739b25a447592b76f478e64ca8784de22b75a652bb7fe4605451

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62721.exe

Filesize
184KB

MD5
fc918e32e1cb0813b2e843eb58021a04

SHA1
1c6879a25cc5f0df956259351776e68a5c275cd5

SHA256
5383fb17b6b11a531b973a4ce7cb172a65e8daf99c339b2ed99a002c57e8b8d3

SHA512
9d67bd0444bf3d2a1b5f1bd8029dd49ccf83105fd8760964861afd30ee5cdeb65229e5ddd7b683e8dd9cbaab29ddb29b5704a1c3ecb3d58bfcc78cde8bca3207

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7847.exe

Filesize
184KB

MD5
b16fa320ae28500c0df97a6d315914de

SHA1
1af8c773850400ab3dd3f4b7ffe704815be8733d

SHA256
45f1564b3a19e592a21d694543787c85e3a073ec7b93416f0158278e8af5b2f6

SHA512
e80a313f6a68e6078baba857855d7bf9512d9b58d9e0b5cf3711916426b601e8569d86d4aa36ef284e992b65acb89a80f71284745c48e883ce9997093dad8e07

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10619.exe

Filesize
184KB

MD5
e27d665aee7f90ca0adad8dd68a741ae

SHA1
6f927bbad839b23456e1865a2247623c1c50d69a

SHA256
9ed242704af8c9345719dffbcd53ec7cdfb8434a3cabf211df8f2c44dbfdf6f0

SHA512
08253fcc67c904f76c6a228c3643548d3cd3d2c80f7ebd01ce214919f00715da79d52962542d617cfa46a566fa13330ae3077503f5632cb10b969d9d33652dae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16398.exe

Filesize
184KB

MD5
8a55bfbd3ca9328d1a79b555ac9aa746

SHA1
71ddf766be0b68069c0ddc386ba33584d86866a4

SHA256
55f77b78ee01bf7db2909e7c304a04b391a8a7da59a53f322ce264ad50a4952b

SHA512
0db506be6195add7ef7316b8eb4f020ac4c44320474ab2ce931b2e16e36f760e3bce8628afbd3402134b6c8c69a6b6494b559e58cd1cb97d98738cee3209a641

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20312.exe

Filesize
184KB

MD5
331babe085c233cb86bf8b40ce0a8aff

SHA1
88aa4e302003730547f4d5ca0493a60b233f7c42

SHA256
8a3a521d5894375e6ff29cec994a2891aabe991b3f956e2064b2fa3da74ae541

SHA512
9752181913141248bbaec8540e34707f71dbb6741dae97d09b972f85daa577d306b8c961e471864b6b0a778816038dd4446dd8db13202451834fc2cb12f7d7c7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24969.exe

Filesize
184KB

MD5
221ce43aff5ddeb831032ff45387566e

SHA1
dd09dc9e97bdd69a22bf1e836ba78094dde6e460

SHA256
703e1233433443c9229bed8623693b90edbcd38551b3efdf0a38c68e339ea4dd

SHA512
5ccf77e40700ef042d8084c6a6f101e5c41bc9a5e1cf97920cb3fe3649f1582b0115a28bc62dbcbf277da800805a6030551c6d513d0c3a832e20df2aad4be33f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34455.exe

Filesize
184KB

MD5
11016f1add34cd63f329316e8ba5af6c

SHA1
735e119f0e443f1638f2b40743f008aafd72caec

SHA256
e8c46640b7db73f2c98ce865a36bb0ed4687b0755da1a50b38ef40b3d4c1b59a

SHA512
3a2737ea6ec025168ebc655dfd67b2b90f086cb76465face8fe1168738dc00fc3ee0621a70b43690e9eea63b46232ce9929a6916ddee6624886c1fb1313ee2e9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3591.exe

Filesize
184KB

MD5
685122728c5c830ee5eb418356e2596d

SHA1
47e45e04c5bd8bd51d668b6cd817ed702fab95a5

SHA256
f321628cdab92e18e8eb1b816e7e2aba9c26e920752dcd4ab3a03ec75a81999b

SHA512
50506eba4f1ab7dba4bb635891d701312bb5276aa9225af90d1792ca071d05cf2a79c27cfe88d3864212ab0c5cbcd418cf97aa2e59ac3e28b4f7c7e6202985ca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37775.exe

Filesize
184KB

MD5
f681bd846f0d9bba44b164bc4775e102

SHA1
5befd48065c4bd7487c85fec39ae228c42e22855

SHA256
44e5ab584d615157866cb1c94366b9df055cad4d54a9a6cdb7bcf99fc5a5d394

SHA512
78fab41dbd02348e50d699a6654c563a76ecc83005a44e4036c25d1550c43ba9989ee49aff2d77962475f0265e9a9b293a393a3c5ccc4849952b74a2d1a19b39

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48751.exe

Filesize
184KB

MD5
8bf0f665ecd1a873b833b53cf9b7fd21

SHA1
5179aade881fe842da2616e419f25bcf2b9f5359

SHA256
1322d876477bd9c1c9294a68b16c67932db8b4cdd6f1043e4c5ab7e4ca3a3183

SHA512
56fe15d315f4b28c088b47546e5052a363ca622b36ce056245712264bf867269ec4ef09fe523d79dfe0ccb96b35047764f56299039814a9f88eb323b6bdded1a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49914.exe

Filesize
184KB

MD5
36a905bd5ea8b94ed9bdfa92ee2eb4d4

SHA1
9ee4fb2f2fdae10bd2e5cb392193b9d061545bae

SHA256
c741bbc03fba3ee8aceb93acf4043c9d4f61609659f51c0b7f395b073392479c

SHA512
6a2a2a27f0ebf31b7adc7286234dc176ec90d4f660c434413ac9ddc30e41951506f8300e73ca5adbf4e876bbc705fc1327709eea3dd1c6f42d93e57feb762615

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52280.exe

Filesize
184KB

MD5
a0adf2dba00c05af5faa596c4a6282a2

SHA1
5697a83968bb109955c80331f5ac3ac30f68f303

SHA256
c9f8a1c35f97a901f8125b47506c3320948e1d5a13907e728e9571bc81af4672

SHA512
f629d399cbe68e620f58547605491dac313b05a19d25c9361a5268c50c548e1b39d5643143f3572c208c2f5ff74aa95ac0cb67db7960bf13b2888d352d56eef9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53920.exe

Filesize
184KB

MD5
9e1dfd0e3cf299a953d7ceacb03bdea1

SHA1
6a27870b165e5014c93c7ae7eb858e3d656a492a

SHA256
068f2486d7430ff04f6aec5beeed7ece569c254a74f3265254f5c72f282b0ee8

SHA512
2123f0d461967ee2c6c2c24dcd54932ab20dc1976a5cc283bfdebfa90ec2e432bec577cf478b529690af41f98de4cf8553e36600ca6e367ecd6a0383f02c31ee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9317.exe

Filesize
184KB

MD5
c29d6ff885549a51e81704c1b10c63bd

SHA1
aa13e91e6d811bb207dfc7fac3b814e03a4484ea

SHA256
6d986c6f45346bea5662e9ca6c2ce1949c3cc315ae71447873d6b5d627322910

SHA512
7fb6db4359213246b5422ea359aa2628f8a1a28cdb7b94fed1e520234420b9bcf0e26921b3b392fc4dbf4fa838b14c3cdb61ab3b7e7791988c3c87ee97dee85d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads