353f73fbdc454581b4b01b93886cd8a1d0df6cf41486e4f90016c8bbf3fb8b34

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 06:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2319bfe02f0fd01f31294ee4a9bca5c0_NeikiAnalytics.exe
Size

184KB
MD5

2319bfe02f0fd01f31294ee4a9bca5c0
SHA1

aff24702bf6240d38cdf7f611a8572795b917245
SHA256

353f73fbdc454581b4b01b93886cd8a1d0df6cf41486e4f90016c8bbf3fb8b34
SHA512

bff4625b5d26376c38b9fe54a1c699fa05bf7fb876167d3ddfc4f1ecb8147316853ae8051ef24d92ca4ac82e5cf2b92b1b17aa65c07e46655f726a9025123232
SSDEEP

1536:mBiNljt5ZKXvo5xxtlxAY6wrFy9yvZc8emddjwLA2IQ5t/Cl5hj54izpX2:qY1KXvofPlxcKFsWe8wLAUv/ClnaiFG

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2648	Unicorn-52396.exe
2564	Unicorn-59059.exe
2680	Unicorn-31025.exe
2596	Unicorn-12196.exe
2460	Unicorn-58937.exe
1848	Unicorn-36893.exe
2720	Unicorn-32804.exe
2560	Unicorn-8299.exe
1548	Unicorn-45803.exe
1576	Unicorn-48948.exe
2164	Unicorn-29082.exe
2028	Unicorn-29182.exe
2844	Unicorn-26721.exe
1828	Unicorn-46587.exe
2260	Unicorn-18553.exe
2220	Unicorn-21699.exe
2236	Unicorn-33628.exe
1196	Unicorn-53494.exe
2880	Unicorn-62731.exe
1704	Unicorn-16157.exe
792	Unicorn-53660.exe
1540	Unicorn-8564.exe
1284	Unicorn-8564.exe
2300	Unicorn-57381.exe
1016	Unicorn-37515.exe
2204	Unicorn-29347.exe
1944	Unicorn-58450.exe
2316	Unicorn-4843.exe
1840	Unicorn-32877.exe
396	Unicorn-62212.exe
2320	Unicorn-24709.exe
1420	Unicorn-16541.exe
2712	Unicorn-16188.exe
2632	Unicorn-53691.exe
2628	Unicorn-8019.exe
2580	Unicorn-65196.exe
2464	Unicorn-3338.exe
1228	Unicorn-31756.exe
2768	Unicorn-64620.exe
608	Unicorn-48284.exe
1644	Unicorn-28418.exe
1004	Unicorn-11698.exe
1596	Unicorn-15227.exe
1764	Unicorn-7059.exe
264	Unicorn-64428.exe
476	Unicorn-56260.exe
2036	Unicorn-9690.exe
2004	Unicorn-13219.exe
580	Unicorn-13219.exe
2328	Unicorn-13219.exe
2884	Unicorn-51792.exe
2556	Unicorn-51792.exe
2040	Unicorn-51792.exe
340	Unicorn-26790.exe
940	Unicorn-56125.exe
2112	Unicorn-27859.exe
2068	Unicorn-22300.exe
1416	Unicorn-63333.exe
872	Unicorn-17662.exe
1916	Unicorn-9493.exe
2664	Unicorn-51787.exe
2652	Unicorn-63717.exe
2656	Unicorn-61683.exe
2312	Unicorn-42393.exe

Loads dropped DLL 64 IoCs

pid	Process
1832	2319bfe02f0fd01f31294ee4a9bca5c0_NeikiAnalytics.exe
1832	2319bfe02f0fd01f31294ee4a9bca5c0_NeikiAnalytics.exe
2648	Unicorn-52396.exe
2648	Unicorn-52396.exe
1832	2319bfe02f0fd01f31294ee4a9bca5c0_NeikiAnalytics.exe
1832	2319bfe02f0fd01f31294ee4a9bca5c0_NeikiAnalytics.exe
2564	Unicorn-59059.exe
2564	Unicorn-59059.exe
2648	Unicorn-52396.exe
2648	Unicorn-52396.exe
2680	Unicorn-31025.exe
2680	Unicorn-31025.exe
752	WerFault.exe
752	WerFault.exe
752	WerFault.exe
752	WerFault.exe
752	WerFault.exe
2460	Unicorn-58937.exe
2460	Unicorn-58937.exe
2596	Unicorn-12196.exe
2596	Unicorn-12196.exe
2564	Unicorn-59059.exe
2564	Unicorn-59059.exe
1848	Unicorn-36893.exe
1848	Unicorn-36893.exe
2680	Unicorn-31025.exe
2680	Unicorn-31025.exe
2352	WerFault.exe
2352	WerFault.exe
2352	WerFault.exe
2352	WerFault.exe
2352	WerFault.exe
784	WerFault.exe
784	WerFault.exe
784	WerFault.exe
784	WerFault.exe
784	WerFault.exe
1576	Unicorn-48948.exe
1576	Unicorn-48948.exe
1848	Unicorn-36893.exe
1848	Unicorn-36893.exe
2720	Unicorn-32804.exe
2720	Unicorn-32804.exe
2460	Unicorn-58937.exe
2164	Unicorn-29082.exe
2460	Unicorn-58937.exe
2164	Unicorn-29082.exe
2596	Unicorn-12196.exe
2560	Unicorn-8299.exe
2596	Unicorn-12196.exe
2560	Unicorn-8299.exe
1548	Unicorn-45803.exe
1548	Unicorn-45803.exe
1908	WerFault.exe
1908	WerFault.exe
1908	WerFault.exe
1908	WerFault.exe
1908	WerFault.exe
1036	WerFault.exe
1036	WerFault.exe
1036	WerFault.exe
1036	WerFault.exe
1036	WerFault.exe
852	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
3068	1832	WerFault.exe	27
752	2648	WerFault.exe	28
2352	2564	WerFault.exe	29
784	2680	WerFault.exe	30
1908	2460	WerFault.exe	33
1036	2596	WerFault.exe	32
852	1848	WerFault.exe	34
1964	1576	WerFault.exe	39
3032	2720	WerFault.exe	36
2676	2560	WerFault.exe	37
2604	2164	WerFault.exe	40
2600	1548	WerFault.exe	38
576	2028	WerFault.exe	43
1168	1828	WerFault.exe	45
1772	2844	WerFault.exe	44
2984	2220	WerFault.exe	47
2324	2236	WerFault.exe	48
820	1196	WerFault.exe	49
1588	2880	WerFault.exe	50
2376	2260	WerFault.exe	46
2660	1704	WerFault.exe	54
304	792	WerFault.exe	55
2644	1540	WerFault.exe	57
1492	396	WerFault.exe	65
1000	1284	WerFault.exe	56
2124	1944	WerFault.exe	61
1452	2316	WerFault.exe	63
2972	1016	WerFault.exe	59
2444	2300	WerFault.exe	58
2256	2204	WerFault.exe	60
2848	2320	WerFault.exe	64
2640	1420	WerFault.exe	66
2412	1840	WerFault.exe	62
3456	2712	WerFault.exe	72
3472	2632	WerFault.exe	73
3480	2628	WerFault.exe	74
3548	2580	WerFault.exe	75
3596	2464	WerFault.exe	76
3668	1228	WerFault.exe	77
3780	2768	WerFault.exe	78
3804	1764	WerFault.exe	83
3832	580	WerFault.exe	88
3308	2556	WerFault.exe	90
4080	2004	WerFault.exe	87
3132	872	WerFault.exe	106
3196	340	WerFault.exe	101
3200	1644	WerFault.exe	80
3272	2036	WerFault.exe	86
3440	2664	WerFault.exe	108
3688	476	WerFault.exe	85
4024	2652	WerFault.exe	109
3000	2656	WerFault.exe	110
3208	1916	WerFault.exe	107
3408	2912	WerFault.exe	126
3428	2788	WerFault.exe	114
3572	1596	WerFault.exe	82
3648	1992	WerFault.exe	112
3140	1604	WerFault.exe	127
3840	2216	WerFault.exe	131
4008	1476	WerFault.exe	135
3704	2056	WerFault.exe	129
3268	2884	WerFault.exe	91
4036	2804	WerFault.exe	115
4296	1736	WerFault.exe	123

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1832	2319bfe02f0fd01f31294ee4a9bca5c0_NeikiAnalytics.exe
2648	Unicorn-52396.exe
2564	Unicorn-59059.exe
2680	Unicorn-31025.exe
2596	Unicorn-12196.exe
2460	Unicorn-58937.exe
1848	Unicorn-36893.exe
2560	Unicorn-8299.exe
2720	Unicorn-32804.exe
1576	Unicorn-48948.exe
2164	Unicorn-29082.exe
1548	Unicorn-45803.exe
2028	Unicorn-29182.exe
2844	Unicorn-26721.exe
1828	Unicorn-46587.exe
2220	Unicorn-21699.exe
2260	Unicorn-18553.exe
1196	Unicorn-53494.exe
2880	Unicorn-62731.exe
2236	Unicorn-33628.exe
1704	Unicorn-16157.exe
792	Unicorn-53660.exe
1540	Unicorn-8564.exe
1284	Unicorn-8564.exe
2300	Unicorn-57381.exe
1016	Unicorn-37515.exe
2204	Unicorn-29347.exe
2316	Unicorn-4843.exe
1944	Unicorn-58450.exe
396	Unicorn-62212.exe
2320	Unicorn-24709.exe
1840	Unicorn-32877.exe
1420	Unicorn-16541.exe
2632	Unicorn-53691.exe
2712	Unicorn-16188.exe
2628	Unicorn-8019.exe
2580	Unicorn-65196.exe
2464	Unicorn-3338.exe
1228	Unicorn-31756.exe
2768	Unicorn-64620.exe
608	Unicorn-48284.exe
1644	Unicorn-28418.exe
1004	Unicorn-11698.exe
1764	Unicorn-7059.exe
1596	Unicorn-15227.exe
264	Unicorn-64428.exe
2004	Unicorn-13219.exe
476	Unicorn-56260.exe
2036	Unicorn-9690.exe
580	Unicorn-13219.exe
2328	Unicorn-13219.exe
2884	Unicorn-51792.exe
2556	Unicorn-51792.exe
2040	Unicorn-51792.exe
340	Unicorn-26790.exe
940	Unicorn-56125.exe
2068	Unicorn-22300.exe
2112	Unicorn-27859.exe
1416	Unicorn-63333.exe
872	Unicorn-17662.exe
1916	Unicorn-9493.exe
2664	Unicorn-51787.exe
2652	Unicorn-63717.exe
2656	Unicorn-61683.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 2648	1832	2319bfe02f0fd01f31294ee4a9bca5c0_NeikiAnalytics.exe	28
PID 1832 wrote to memory of 2648	1832	2319bfe02f0fd01f31294ee4a9bca5c0_NeikiAnalytics.exe	28
PID 1832 wrote to memory of 2648	1832	2319bfe02f0fd01f31294ee4a9bca5c0_NeikiAnalytics.exe	28
PID 1832 wrote to memory of 2648	1832	2319bfe02f0fd01f31294ee4a9bca5c0_NeikiAnalytics.exe	28
PID 2648 wrote to memory of 2564	2648	Unicorn-52396.exe	29
PID 2648 wrote to memory of 2564	2648	Unicorn-52396.exe	29
PID 2648 wrote to memory of 2564	2648	Unicorn-52396.exe	29
PID 2648 wrote to memory of 2564	2648	Unicorn-52396.exe	29
PID 1832 wrote to memory of 2680	1832	2319bfe02f0fd01f31294ee4a9bca5c0_NeikiAnalytics.exe	30
PID 1832 wrote to memory of 2680	1832	2319bfe02f0fd01f31294ee4a9bca5c0_NeikiAnalytics.exe	30
PID 1832 wrote to memory of 2680	1832	2319bfe02f0fd01f31294ee4a9bca5c0_NeikiAnalytics.exe	30
PID 1832 wrote to memory of 2680	1832	2319bfe02f0fd01f31294ee4a9bca5c0_NeikiAnalytics.exe	30
PID 1832 wrote to memory of 3068	1832	2319bfe02f0fd01f31294ee4a9bca5c0_NeikiAnalytics.exe	31
PID 1832 wrote to memory of 3068	1832	2319bfe02f0fd01f31294ee4a9bca5c0_NeikiAnalytics.exe	31
PID 1832 wrote to memory of 3068	1832	2319bfe02f0fd01f31294ee4a9bca5c0_NeikiAnalytics.exe	31
PID 1832 wrote to memory of 3068	1832	2319bfe02f0fd01f31294ee4a9bca5c0_NeikiAnalytics.exe	31
PID 2564 wrote to memory of 2596	2564	Unicorn-59059.exe	32
PID 2564 wrote to memory of 2596	2564	Unicorn-59059.exe	32
PID 2564 wrote to memory of 2596	2564	Unicorn-59059.exe	32
PID 2564 wrote to memory of 2596	2564	Unicorn-59059.exe	32
PID 2648 wrote to memory of 2460	2648	Unicorn-52396.exe	33
PID 2648 wrote to memory of 2460	2648	Unicorn-52396.exe	33
PID 2648 wrote to memory of 2460	2648	Unicorn-52396.exe	33
PID 2648 wrote to memory of 2460	2648	Unicorn-52396.exe	33
PID 2680 wrote to memory of 1848	2680	Unicorn-31025.exe	34
PID 2680 wrote to memory of 1848	2680	Unicorn-31025.exe	34
PID 2680 wrote to memory of 1848	2680	Unicorn-31025.exe	34
PID 2680 wrote to memory of 1848	2680	Unicorn-31025.exe	34
PID 2648 wrote to memory of 752	2648	Unicorn-52396.exe	35
PID 2648 wrote to memory of 752	2648	Unicorn-52396.exe	35
PID 2648 wrote to memory of 752	2648	Unicorn-52396.exe	35
PID 2648 wrote to memory of 752	2648	Unicorn-52396.exe	35
PID 2460 wrote to memory of 2720	2460	Unicorn-58937.exe	36
PID 2460 wrote to memory of 2720	2460	Unicorn-58937.exe	36
PID 2460 wrote to memory of 2720	2460	Unicorn-58937.exe	36
PID 2460 wrote to memory of 2720	2460	Unicorn-58937.exe	36
PID 2596 wrote to memory of 2560	2596	Unicorn-12196.exe	37
PID 2596 wrote to memory of 2560	2596	Unicorn-12196.exe	37
PID 2596 wrote to memory of 2560	2596	Unicorn-12196.exe	37
PID 2596 wrote to memory of 2560	2596	Unicorn-12196.exe	37
PID 2564 wrote to memory of 1548	2564	Unicorn-59059.exe	38
PID 2564 wrote to memory of 1548	2564	Unicorn-59059.exe	38
PID 2564 wrote to memory of 1548	2564	Unicorn-59059.exe	38
PID 2564 wrote to memory of 1548	2564	Unicorn-59059.exe	38
PID 1848 wrote to memory of 1576	1848	Unicorn-36893.exe	39
PID 1848 wrote to memory of 1576	1848	Unicorn-36893.exe	39
PID 1848 wrote to memory of 1576	1848	Unicorn-36893.exe	39
PID 1848 wrote to memory of 1576	1848	Unicorn-36893.exe	39
PID 2680 wrote to memory of 2164	2680	Unicorn-31025.exe	40
PID 2680 wrote to memory of 2164	2680	Unicorn-31025.exe	40
PID 2680 wrote to memory of 2164	2680	Unicorn-31025.exe	40
PID 2680 wrote to memory of 2164	2680	Unicorn-31025.exe	40
PID 2564 wrote to memory of 2352	2564	Unicorn-59059.exe	41
PID 2564 wrote to memory of 2352	2564	Unicorn-59059.exe	41
PID 2564 wrote to memory of 2352	2564	Unicorn-59059.exe	41
PID 2564 wrote to memory of 2352	2564	Unicorn-59059.exe	41
PID 2680 wrote to memory of 784	2680	Unicorn-31025.exe	42
PID 2680 wrote to memory of 784	2680	Unicorn-31025.exe	42
PID 2680 wrote to memory of 784	2680	Unicorn-31025.exe	42
PID 2680 wrote to memory of 784	2680	Unicorn-31025.exe	42
PID 1576 wrote to memory of 2028	1576	Unicorn-48948.exe	43
PID 1576 wrote to memory of 2028	1576	Unicorn-48948.exe	43
PID 1576 wrote to memory of 2028	1576	Unicorn-48948.exe	43
PID 1576 wrote to memory of 2028	1576	Unicorn-48948.exe	43

C:\Users\Admin\AppData\Local\Temp\2319bfe02f0fd01f31294ee4a9bca5c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2319bfe02f0fd01f31294ee4a9bca5c0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59059.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59059.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12196.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8299.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53494.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32877.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44579.exe
        9⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51263.exe
        10⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38599.exe
        11⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39025.exe
        12⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58027.exe
        13⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39184.exe
        14⤵
        
        PID:12356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10052 -s 236
        14⤵
        
        PID:13252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6756 -s 216
        13⤵
        
        PID:11148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 216
        12⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 216
        11⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 236
        10⤵
        Program crash
        
        PID:4296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 236
        9⤵
        Program crash
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
        8⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42903.exe
        9⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13326.exe
        10⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55735.exe
        11⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17348.exe
        12⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27153.exe
        13⤵
        
        PID:7384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 216
        12⤵
        
        PID:11348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 220
        11⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 216
        10⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 216
        9⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 240
        8⤵
        Program crash
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51792.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5191.exe
        8⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59431.exe
        9⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55127.exe
        10⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39399.exe
        11⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17177.exe
        12⤵
        
        PID:10648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 216
        12⤵
        
        PID:11620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
        11⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 216
        10⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 216
        9⤵
        Program crash
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55710.exe
        8⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        9⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3576.exe
        10⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
        11⤵
        
        PID:10704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 216
        11⤵
        
        PID:12044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 236
        10⤵
        
        PID:8624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 220
        9⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
        8⤵
        
        PID:4144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 240
        7⤵
        Program crash
        
        PID:820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7059.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36576.exe
        8⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37225.exe
        9⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62268.exe
        10⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55017.exe
        11⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18940.exe
        12⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9772 -s 216
        12⤵
        
        PID:12936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 216
        11⤵
        
        PID:10852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
        10⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 216
        9⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 236
        8⤵
        Program crash
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33073.exe
        7⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57231.exe
        8⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53783.exe
        9⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23831.exe
        10⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9693.exe
        11⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36032.exe
        12⤵
        
        PID:12988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 216
        11⤵
        
        PID:11628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
        10⤵
        
        PID:8820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 216
        9⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 216
        8⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
        7⤵
        Program crash
        
        PID:1452
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
        6⤵
        Program crash
        
        PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33628.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58450.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48284.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45923.exe
        8⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        9⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17320.exe
        10⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23587.exe
        11⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44872.exe
        12⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32910.exe
        13⤵
        
        PID:12576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10204 -s 216
        13⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 216
        12⤵
        
        PID:10324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        11⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
        10⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 216
        9⤵
        Program crash
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13245.exe
        8⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
        9⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5574.exe
        10⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
        11⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50640.exe
        12⤵
        
        PID:12872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 216
        11⤵
        
        PID:11700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
        10⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
        9⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 240
        8⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1169.exe
        7⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57978.exe
        8⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13453.exe
        9⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42538.exe
        10⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42163.exe
        11⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35826.exe
        12⤵
        
        PID:11644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9128 -s 216
        12⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
        11⤵
        
        PID:10236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
        10⤵
        
        PID:7536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 236
        9⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52026.exe
        8⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
        9⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44939.exe
        10⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37834.exe
        11⤵
        
        PID:11316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 216
        11⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 216
        10⤵
        
        PID:10152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
        9⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
        8⤵
        
        PID:5336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
        7⤵
        Program crash
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11698.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52747.exe
        7⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        8⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29855.exe
        9⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53052.exe
        10⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25973.exe
        11⤵
        
        PID:10436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 216
        11⤵
        
        PID:11968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 220
        10⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 216
        9⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 236
        8⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39373.exe
        7⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37639.exe
        8⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32191.exe
        9⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64379.exe
        10⤵
        
        PID:10976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 216
        10⤵
        
        PID:11840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 216
        9⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 216
        8⤵
        
        PID:6240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 240
        7⤵
        
        PID:4508
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
        6⤵
        Program crash
        
        PID:2324
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45803.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62731.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24709.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20459.exe
        8⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65399.exe
        9⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2436.exe
        10⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42776.exe
        11⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58977.exe
        12⤵
        
        PID:10584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 220
        12⤵
        
        PID:11588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        11⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 236
        10⤵
        
        PID:5784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 216
        9⤵
        Program crash
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4693.exe
        8⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53783.exe
        9⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28164.exe
        10⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40581.exe
        11⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 216
        11⤵
        
        PID:11920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 220
        10⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
        9⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 220
        8⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50863.exe
        7⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16199.exe
        8⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29855.exe
        9⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20105.exe
        10⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25397.exe
        11⤵
        
        PID:9984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 216
        11⤵
        
        PID:11952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
        10⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
        9⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 236
        8⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 220
        7⤵
        Program crash
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51792.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46224.exe
        7⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8606.exe
        8⤵
        
        PID:3392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 240
        9⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 236
        8⤵
        Program crash
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54278.exe
        7⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21923.exe
        8⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53119.exe
        9⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47949.exe
        10⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59562.exe
        11⤵
        
        PID:12088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 236
        11⤵
        
        PID:12144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
        10⤵
        
        PID:10076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
        9⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 236
        8⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
        7⤵
        Program crash
        
        PID:3308
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
        6⤵
        Program crash
        
        PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62212.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31756.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51787.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31746.exe
        8⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61673.exe
        9⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45581.exe
        10⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55361.exe
        11⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32371.exe
        12⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43828.exe
        13⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9964 -s 236
        13⤵
        
        PID:13068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
        12⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
        11⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
        10⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42435.exe
        9⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28797.exe
        10⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64348.exe
        11⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12788.exe
        12⤵
        
        PID:12964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 220
        11⤵
        
        PID:11436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
        10⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
        9⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16919.exe
        8⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4356.exe
        9⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12460.exe
        10⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25516.exe
        11⤵
        
        PID:10340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10340 -s 200
        12⤵
        
        PID:12852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 216
        11⤵
        
        PID:11364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 220
        10⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
        9⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
        8⤵
        Program crash
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46857.exe
        7⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
        8⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4548.exe
        9⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
        10⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4737.exe
        11⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39005.exe
        12⤵
        
        PID:12956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 216
        11⤵
        
        PID:10924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
        10⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
        9⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58772.exe
        8⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        9⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15703.exe
        10⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36229.exe
        11⤵
        
        PID:13112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 216
        10⤵
        
        PID:11216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
        9⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
        8⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 240
        7⤵
        Program crash
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63717.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7433.exe
        7⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37937.exe
        8⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59621.exe
        9⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56098.exe
        10⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8987.exe
        11⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19670.exe
        12⤵
        
        PID:13280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 220
        11⤵
        
        PID:10952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
        10⤵
        
        PID:8412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 236
        9⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 236
        8⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34599.exe
        7⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28477.exe
        8⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39923.exe
        9⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19901.exe
        10⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39415.exe
        11⤵
        
        PID:12864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9248 -s 216
        11⤵
        
        PID:8384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 216
        10⤵
        
        PID:10560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
        9⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
        8⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
        7⤵
        Program crash
        
        PID:4024
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 396 -s 240
        6⤵
        Program crash
        
        PID:1492
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
        5⤵
        Program crash
        
        PID:2600
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58937.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58937.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32804.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46587.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8564.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64620.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61683.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        9⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4688.exe
        10⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44813.exe
        11⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44832.exe
        12⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14057.exe
        13⤵
        
        PID:9896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9896 -s 188
        14⤵
        
        PID:10508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
        13⤵
        
        PID:11120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
        12⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
        11⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55900.exe
        10⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44832.exe
        11⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6766.exe
        12⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
        13⤵
        
        PID:13004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 216
        12⤵
        
        PID:10272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 216
        11⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
        10⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61517.exe
        9⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43778.exe
        10⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25818.exe
        11⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3714.exe
        12⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
        13⤵
        
        PID:12236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 236
        13⤵
        
        PID:12108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 236
        12⤵
        
        PID:10104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 236
        11⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
        10⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
        9⤵
        Program crash
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14568.exe
        8⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe
        9⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12140.exe
        10⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57307.exe
        11⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47981.exe
        12⤵
        
        PID:10140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 220
        12⤵
        
        PID:11944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
        11⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
        10⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24488.exe
        9⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23426.exe
        10⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39439.exe
        11⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35788.exe
        12⤵
        
        PID:12536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 216
        11⤵
        
        PID:10288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
        10⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
        9⤵
        
        PID:6080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
        8⤵
        Program crash
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42393.exe
        7⤵
        Executes dropped EXE
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17138.exe
        8⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5394.exe
        9⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44458.exe
        10⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
        11⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60714.exe
        12⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8596 -s 216
        12⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 216
        11⤵
        
        PID:9264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 236
        10⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 216
        9⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
        8⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18911.exe
        9⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44939.exe
        10⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 220
        11⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
        10⤵
        
        PID:10144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
        9⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
        8⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 240
        7⤵
        Program crash
        
        PID:1000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28418.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62067.exe
        7⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60448.exe
        8⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62410.exe
        9⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12460.exe
        10⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30586.exe
        11⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20092.exe
        12⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9244 -s 216
        12⤵
        
        PID:12916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
        11⤵
        
        PID:11040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 216
        10⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 236
        9⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
        8⤵
        Program crash
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4693.exe
        7⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53557.exe
        8⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46285.exe
        9⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64135.exe
        10⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
        11⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 216
        10⤵
        
        PID:10432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
        9⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 236
        8⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
        7⤵
        Program crash
        
        PID:3200
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 240
        6⤵
        Program crash
        
        PID:1168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37515.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15227.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20075.exe
        7⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
        8⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12833.exe
        9⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5465.exe
        10⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11120.exe
        11⤵
        
        PID:10760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 216
        11⤵
        
        PID:11692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 220
        10⤵
        
        PID:8532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 216
        9⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 216
        8⤵
        Program crash
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5824.exe
        7⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43586.exe
        8⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23950.exe
        9⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18064.exe
        10⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31675.exe
        11⤵
        
        PID:12508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 216
        11⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 216
        10⤵
        
        PID:11240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 216
        9⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 236
        8⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 240
        7⤵
        Program crash
        
        PID:3572
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 236
        6⤵
        Program crash
        
        PID:2972
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
        5⤵
        Program crash
        
        PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18553.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16541.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19883.exe
        7⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-246.exe
        8⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23607.exe
        9⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47567.exe
        10⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30000.exe
        11⤵
        
        PID:11060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 216
        11⤵
        
        PID:11900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 216
        10⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
        9⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 236
        8⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13245.exe
        7⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48731.exe
        8⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37764.exe
        9⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
        10⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
        11⤵
        
        PID:12212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9736 -s 216
        11⤵
        
        PID:12944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 216
        10⤵
        
        PID:10836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
        9⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 236
        8⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
        7⤵
        Program crash
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41049.exe
        6⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8030.exe
        7⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62527.exe
        8⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47567.exe
        9⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25516.exe
        10⤵
        
        PID:10348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10348 -s 200
        11⤵
        
        PID:13136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 216
        10⤵
        
        PID:11356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
        9⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
        8⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 236
        7⤵
        
        PID:4736
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 240
        6⤵
        Program crash
        
        PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51792.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20459.exe
        6⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65207.exe
        7⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29855.exe
        8⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42.exe
        9⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28536.exe
        10⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24166.exe
        11⤵
        
        PID:12660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8988 -s 236
        11⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 216
        10⤵
        
        PID:10424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
        9⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
        8⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 236
        7⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29005.exe
        6⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
        7⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26296.exe
        8⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23698.exe
        9⤵
        
        PID:12076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 216
        9⤵
        
        PID:924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
        8⤵
        
        PID:9236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
        7⤵
        
        PID:6848
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
        6⤵
        Program crash
        
        PID:3268
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 240
        5⤵
        Program crash
        
        PID:2376
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1908
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:752
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31025.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31025.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36893.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36893.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48948.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29182.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16188.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26790.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7516.exe
        9⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34756.exe
        10⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54432.exe
        11⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13387.exe
        12⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54087.exe
        13⤵
        
        PID:11604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8692 -s 216
        13⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 236
        12⤵
        
        PID:9724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
        11⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 236
        10⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57843.exe
        9⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61725.exe
        10⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42528.exe
        11⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4353.exe
        12⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28291.exe
        13⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9908 -s 236
        13⤵
        
        PID:12712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
        12⤵
        
        PID:10892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 216
        11⤵
        
        PID:7808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
        10⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 240
        9⤵
        Program crash
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62233.exe
        8⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54465.exe
        9⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62410.exe
        10⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51272.exe
        11⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45962.exe
        12⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36037.exe
        13⤵
        
        PID:13040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 216
        12⤵
        
        PID:10912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
        11⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
        10⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48801.exe
        9⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56098.exe
        10⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25132.exe
        11⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28004.exe
        12⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 216
        11⤵
        
        PID:10580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
        10⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
        9⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
        8⤵
        Program crash
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23277.exe
        8⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46105.exe
        9⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12631.exe
        10⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7056.exe
        11⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64367.exe
        12⤵
        
        PID:12124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9100 -s 216
        12⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 236
        11⤵
        
        PID:9924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        10⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 236
        9⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50552.exe
        8⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53856.exe
        9⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31369.exe
        10⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61871.exe
        11⤵
        
        PID:12020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9044 -s 216
        11⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 216
        10⤵
        
        PID:9864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
        9⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 240
        8⤵
        
        PID:5148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
        7⤵
        Program crash
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53691.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25803.exe
        7⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41196.exe
        8⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12908.exe
        9⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27536.exe
        10⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58733.exe
        11⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37220.exe
        12⤵
        
        PID:12796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9912 -s 216
        12⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 216
        11⤵
        
        PID:10860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 216
        10⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 236
        9⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 236
        8⤵
        Program crash
        
        PID:4008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 236
        7⤵
        Program crash
        
        PID:3472
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
        6⤵
        Program crash
        
        PID:576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53660.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64885.exe
        8⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51092.exe
        9⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45304.exe
        10⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56641.exe
        11⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6614.exe
        12⤵
        
        PID:12092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8948 -s 216
        12⤵
        
        PID:12248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
        11⤵
        
        PID:9872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
        10⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 236
        9⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-474.exe
        8⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28584.exe
        9⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4643.exe
        10⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61487.exe
        11⤵
        
        PID:11832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8868 -s 216
        11⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
        10⤵
        
        PID:9820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
        9⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
        8⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        7⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21793.exe
        8⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12449.exe
        9⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5465.exe
        10⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25132.exe
        11⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35181.exe
        12⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 216
        11⤵
        
        PID:10268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 220
        10⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 236
        9⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 236
        8⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 220
        7⤵
        Program crash
        
        PID:3480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32898.exe
        7⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45913.exe
        8⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        9⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47930.exe
        10⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58380.exe
        11⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44532.exe
        12⤵
        
        PID:12600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 216
        11⤵
        
        PID:10752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
        10⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
        9⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 236
        8⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42959.exe
        7⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12439.exe
        8⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7824.exe
        9⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17278.exe
        10⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9012 -s 216
        10⤵
        
        PID:12588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
        9⤵
        
        PID:9856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
        8⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 240
        7⤵
        
        PID:5200
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 240
        6⤵
        Program crash
        
        PID:304
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 240
        5⤵
        Program crash
        
        PID:1964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26721.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8564.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65196.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17662.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56333.exe
        8⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20148.exe
        9⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4079.exe
        10⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65385.exe
        11⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4502.exe
        12⤵
        
        PID:11916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8980 -s 216
        12⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
        11⤵
        
        PID:9848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
        10⤵
        
        PID:6816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 236
        9⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 236
        8⤵
        Program crash
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19747.exe
        7⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21409.exe
        8⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45581.exe
        9⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
        10⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31271.exe
        11⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59550.exe
        12⤵
        
        PID:12352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9800 -s 220
        12⤵
        
        PID:12572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 216
        11⤵
        
        PID:10328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 220
        10⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
        9⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26099.exe
        8⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7260.exe
        9⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23468.exe
        10⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54087.exe
        11⤵
        
        PID:11520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57652.exe
        11⤵
        
        PID:12164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8636 -s 220
        11⤵
        
        PID:12416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
        10⤵
        
        PID:9684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 236
        9⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 220
        8⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
        7⤵
        Program crash
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63333.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15108.exe
        7⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20505.exe
        8⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61095.exe
        9⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61872.exe
        10⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52546.exe
        11⤵
        
        PID:11988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9068 -s 236
        11⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
        10⤵
        
        PID:9748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 236
        9⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 236
        8⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42575.exe
        7⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53856.exe
        8⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23468.exe
        9⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        10⤵
        
        PID:11272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8628 -s 216
        10⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 216
        9⤵
        
        PID:9692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        8⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 240
        7⤵
        
        PID:4720
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
        6⤵
        Program crash
        
        PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3338.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9493.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40106.exe
        7⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37937.exe
        8⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
        9⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37863.exe
        10⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20742.exe
        11⤵
        
        PID:10808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7188 -s 216
        11⤵
        
        PID:11708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
        10⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
        9⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 216
        8⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59104.exe
        7⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59621.exe
        8⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12844.exe
        9⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40228.exe
        10⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exe
        11⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10440 -s 236
        11⤵
        
        PID:12300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 216
        10⤵
        
        PID:11480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 220
        9⤵
        
        PID:8168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
        8⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 240
        7⤵
        Program crash
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53105.exe
        6⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13432.exe
        7⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45773.exe
        8⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45133.exe
        9⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16663.exe
        10⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65466.exe
        11⤵
        
        PID:8248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 216
        10⤵
        
        PID:10796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
        9⤵
        
        PID:7980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
        8⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8611.exe
        7⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56098.exe
        8⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17945.exe
        9⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41813.exe
        10⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 220
        9⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
        8⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 240
        7⤵
        
        PID:5164
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
        6⤵
        Program crash
        
        PID:3596
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 220
        5⤵
        Program crash
        
        PID:1772
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29082.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29082.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21699.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57381.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64428.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36603.exe
        7⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18015.exe
        8⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44712.exe
        9⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20458.exe
        10⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10720.exe
        11⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
        12⤵
        
        PID:13264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7232 -s 216
        11⤵
        
        PID:11024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
        10⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 216
        9⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 236
        8⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64262.exe
        7⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        8⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20842.exe
        9⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22963.exe
        10⤵
        
        PID:10884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 220
        10⤵
        
        PID:11816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
        9⤵
        
        PID:8672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 216
        8⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 264 -s 240
        7⤵
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57386.exe
        6⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8222.exe
        7⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        8⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31807.exe
        9⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39491.exe
        10⤵
        
        PID:11004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 216
        10⤵
        
        PID:11848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
        9⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
        8⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 236
        7⤵
        
        PID:4316
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
        6⤵
        Program crash
        
        PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28435.exe
        6⤵
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34735.exe
        7⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44712.exe
        8⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57453.exe
        9⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32494.exe
        10⤵
        
        PID:12204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 236
        10⤵
        
        PID:11760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
        9⤵
        
        PID:9256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 216
        8⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 744 -s 236
        7⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21029.exe
        6⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62301.exe
        7⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25480.exe
        8⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58017.exe
        9⤵
        
        PID:10620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10620 -s 220
        10⤵
        
        PID:8548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 216
        9⤵
        
        PID:11612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
        8⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 236
        7⤵
        
        PID:5944
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
        6⤵
        Program crash
        
        PID:3272
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
        5⤵
        Program crash
        
        PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29347.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56260.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4122.exe
        6⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        7⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36645.exe
        8⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
        9⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43144.exe
        10⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
        11⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10080 -s 216
        11⤵
        
        PID:12520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 216
        10⤵
        
        PID:11224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 220
        9⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
        8⤵
        
        PID:4680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 236
        7⤵
        Program crash
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13245.exe
        6⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45773.exe
        7⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1879.exe
        8⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23103.exe
        9⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28663.exe
        10⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 216
        9⤵
        
        PID:10372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
        8⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 236
        7⤵
        
        PID:6024
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 476 -s 240
        6⤵
        Program crash
        
        PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25289.exe
        5⤵
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
        6⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29471.exe
        7⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45922.exe
        8⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31079.exe
        9⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31107.exe
        10⤵
        
        PID:13184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 216
        9⤵
        
        PID:10464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 216
        8⤵
        
        PID:8464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 216
        7⤵
        
        PID:6232
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 216
        6⤵
        
        PID:4540
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
        5⤵
        Program crash
        
        PID:2256
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
      4⤵
      Program crash
      PID:2604
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:784
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
  2⤵
  - Program crash
  PID:3068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-26721.exe

Filesize
184KB

MD5
0166012f87d9a7022891b278515ecce6

SHA1
d1142a23f9e9f98800fe72c31b1baf36c0f9b70a

SHA256
50da4bf91c78b265c04e9691e846b3e5bc006734136393a433c2898c6df5ca1b

SHA512
882f1d2623a1c265d7e00530341ea688439b9c29aa4712074f231b6e3bed06318f117f7ce6f50269427120d395296c15e98f16bb1555506eca5ffcad6c424de2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29082.exe

Filesize
184KB

MD5
523215b4c7491abd60dc6ff67dd78668

SHA1
ce690694f6f5458371b53a3d89e8a73314eb8c62

SHA256
1f81145f3148310297f19701205727fe9242e4f6248a0591171cb4c997f32510

SHA512
7cb3cf5b4f8944351bd392b4448a858b4fa5d62a6dde4f09cedf34c2a18cb5a3afb813388e07d786c0635e098df094c2bfdb6af57de693d06b0d64bd13044ce9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31025.exe

Filesize
184KB

MD5
b9de8c1e4012309d84d50fac5ed56e12

SHA1
17e527c57831fe30321881802cbbf90d88b9c825

SHA256
d3af8ec31d7265a27ff9bb061348d52659e770a0759cdfe8356fd6d03395a0fe

SHA512
3ee9b8325c620a950b95f4aab209e5e7f4865574caf599886a224389794455f3cca9b873d5ce9db4b726dc8006258be7b4176201b38a4b1fac1612f031387886

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31107.exe

Filesize
184KB

MD5
6104836719cd9dc22df9b60ae956b760

SHA1
6e89707f6943de82720ce022bcc9a3e6a2e53287

SHA256
dd0b10c7a732eae84f814a73f02e3a22337e4f9c285837589fcebf943189455e

SHA512
5ad1fa7f0af93a4b706ffeb041b21bc5344beb74363a5554e6eed082de94948985a85be075c0935f9fa144a05ec49c0d08ac70bb52b532c4fa02755aa34862ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31271.exe

Filesize
184KB

MD5
cd2837b350e1dca8a60952220fbdcd2f

SHA1
88353b27188a616a9bf70136445477c34e183c14

SHA256
ce571d46ba9b3e3d9cf437dabf69056771b4951f2cbb9605e0b18710626af0e2

SHA512
76f73ccb87bdf731ca0e42dc867e1f7b4a8dd6df2409b83f346171540a25c72336f4791d4bfd08e8073e299985f1ead1b71525796ff370906dd349aab2f52c2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39399.exe

Filesize
184KB

MD5
f02b8b1897f5cbdaba5ae1ecc3bfb554

SHA1
0392af525ad1d5105c67dbcce74e54c978146d18

SHA256
51677c12af201f99070b995996a475731e0716e8b1d68ce72bb96b37df9e2fcf

SHA512
7db3a4f0c5e1863a6a69dac8fe1e2b6ab829b1414dc23d71d4bcb6fef5b6303050b599934f85bedd6b63838801f11332dd4097b154e1d774d97be869a0c5ab70

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41049.exe

Filesize
184KB

MD5
40da6847a89f0d496f3efc736b5e5daa

SHA1
99f05837c5df3e383f09ddb712ad839f506a2c18

SHA256
ac6b875168d371232c158c945458b1ae49cd7bc7b90e12d948b2bcc918ae8363

SHA512
1f399f65a7a5b87314fc45284cd38e8220b1948896866b1dff80d755a612cfda9024b3a55fe1e361c395b1e9a0be64a99b1ef6634dfa5b4b5948b3e9068dcc50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48801.exe

Filesize
184KB

MD5
914c133a87244359d2e8564b1ae483f7

SHA1
48485c19d06a2e11f6243442fbd1686b5c029dc3

SHA256
0213d2c8d319fbf545ee022eb3c23459ee17b003be896c107432346aee7225cf

SHA512
8dad173c16f6006c0b4c9022db2d9376eabad3b118d7fd7b3774aa340d96f2dfcb1d0f7222c7f6a73b162790fe6a0583a59021142948c259616072af1d0f8d9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48948.exe

Filesize
184KB

MD5
62e5e03298617b7c6718545796f25fcf

SHA1
2cd6eb419f9cc0ba4219f249b093037c4bbb5f9d

SHA256
b7c0e8e0e22bb23a920678e5b23f2b7b00abdeda518ed3d1b9c9d2e68540ce6d

SHA512
fe0a78c5e8e10e966aa4bfd74374cb1e677482f0010e44ffecd51b7f3c6ca2f6037ea47544f86d6035adc42efda1000417a93ddd202f2876353df4f97d2f6446

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12196.exe

Filesize
184KB

MD5
0e94f524f3924c84e5673f53b5dfb964

SHA1
7273e7c5f978ab2f3809cf824d9c2c0274a862da

SHA256
b87543e96fd5493cd1c5c671376d46ec7f4cdf57ae543ac1284a950756e0a7d9

SHA512
bfdd28cacb0f4cdd676751e47652c16220373720561b5145e3f42a105423db8da457523cae16d62093e67bb387f1e95cefc530abc9c54eea162aa544c30cc807

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29182.exe

Filesize
184KB

MD5
d05d32952227cf34ffab3210964750e4

SHA1
60c82df7c66c5051c88823b19cfa783490eaae8e

SHA256
c1e052ae9c589e6f810a72fd7a6cf7a2e2af3359febacfeadc79d76617b22237

SHA512
ca0e0e7a53e8d66c6a072bc2f58c7537305b5c3b6b165753670417005686e514e710c171cf742959050b583d61a51530ce09fa5e1d059ffda73a2e7ebc0c1903

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32804.exe

Filesize
184KB

MD5
02cf7062b8555731133dc670bd631372

SHA1
b5fbeb14ae6cf0d1adaab244a03c306373e9712a

SHA256
cfc0c5151b1a6ca1bdd479731c815f75255f9bcb41ef01da5efb5d14bae872f0

SHA512
c3e4077488dafe7cf7b40a4b82f0bb036a3588a81530f1be0fecfd56ad4ef27423bb7166936e7b58e1acb013264a8d0a025411d124c692f06c2592c08b607dcd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36893.exe

Filesize
184KB

MD5
6e560904a6936bf58e2c3b7276d9dfc1

SHA1
b42cd097dc9e5946972b53d168c76a6e935fc1d7

SHA256
ef78995563e25aaa6d15ba69d5c61cfcf81c84973f3f2b0df6999c42d7e38580

SHA512
09b7f8352d80c37538543371f99810e0e6e70afb91c5db85498d688966e12ab6a3ea96beaf2058028636e81ad1b1b1cdb21c79b4fce67e90d18ca451fbf12329

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45803.exe

Filesize
184KB

MD5
9c52129b73dee14d385b0fb32c6e25fc

SHA1
71d0f31c62cb07750a9995cce4f81451729ba66a

SHA256
a68f285b3ebc98d0708208fa60a1c13c68079967dad25a874929909b3015be2b

SHA512
e7d44d1a05dede6c793ba54637d7dcec1aebb00f1f2a98fa8562cb1ddcfe15d59db5a6251b92bd562335d7a5f5a5e53b180bea227bb1037ffb6b07c9d9bfbc7d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46587.exe

Filesize
184KB

MD5
5e88e1edf89a08dc27e8651b70bed945

SHA1
658fb88fb0b6bdb9a18e46619bb01c3a0d689435

SHA256
746b5d5eeb44e40480e80c891fdb4e169814c5d6216732d8b1e645a4463acdaf

SHA512
7df5ad8119534009c373c23ee045448869a98c2d9080fc51530258b48b7aa15f394d4fd635639a4b25c3f15787460675178c068d5c9c24c8d1c446009beaef7d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe

Filesize
184KB

MD5
f660073f08ae0819436e91d427c0f949

SHA1
52c10225110da2f985d800e2bb66d506dca7acbe

SHA256
1a81091f0ac62cec32cf6d360b1fcad6b91951d8763faa119ee4141c989d1e9e

SHA512
eaccb2509703e00dbe92ba36d6f96fb6dcfdb93adab53131a21c4aaad43a5629fe76ee02f4c808084cfb81b4e5523c768f71566916711c53ba2a49b9580680ba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58937.exe

Filesize
184KB

MD5
872a15e1780cc58ef4af6416b25720b2

SHA1
ec8c20739f4e14cbdf308a8983f057be8ef612e7

SHA256
7a8a741f3933c3ade7f67d347c2dba39ff1b56a7309c0671760bf6353779b68e

SHA512
f4661cab10745b290d6b1164c62311bea34c1e519928784f37352cd023f1e8c2b80e8da2fe229b78981dc51fabbaf8d306629728e0f2d879cdebd5a81462591f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59059.exe

Filesize
184KB

MD5
cac314fb237be39d4e85a79e5b48ba0c

SHA1
15c95f66258381b346014623d95bee7f3cc6705d

SHA256
fec02b5d51aaaa6a2b09a9058e48fced2bbc5d577c83f0751b6d1e024de4b13a

SHA512
26c0c6db5d4af620752e9b113a91b40fa24b17d8f8b47085bdf4aec2b98e199a51478829ecdceda2f0ff42e46036feac1e4b2cb02999c626e826e1ece92dba2e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8299.exe

Filesize
184KB

MD5
cdedcc2713def69ddcc7548ecf80d4a4

SHA1
752b646a3edc905cdd69b5889b52d9cf61987c2d

SHA256
9879efcb5dbd74853db9b83461e24ce2c272efa16ec0c9c643909b39e775f2f2

SHA512
7777c26d8568ede796335f6a497bba21f4ba633077023ff22be0ff4d10c9dcf71c0e0447c580ac52dba6bf043fe3ac72264e20ce77d3901e372a755adfeedde3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads