1207b13df7abdb5a0f056dd5bf342b9cf93910c2f8c687f060b09bc69eba8e0f

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 10:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4004d222015c2a0f67f5364313009b50_NeikiAnalytics.exe
Size

184KB
MD5

4004d222015c2a0f67f5364313009b50
SHA1

f5eaf7d68bcfb38dac2f0d0ec2f581d1524dca3e
SHA256

1207b13df7abdb5a0f056dd5bf342b9cf93910c2f8c687f060b09bc69eba8e0f
SHA512

8e6405408f8ed588dd4f97c86ddde664fe645277586536f371cfd0d904667d0a3dec7149a5a3cad4027bb3af65ee9bdb6e7a7792788079ca68174817b2624e50
SSDEEP

3072:iH90Y8ofzYtfdFyWeZ2LRtsEhln7iF/n3:iHeoaFFy+LbsEhln7iF/

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2932	Unicorn-32618.exe
2608	Unicorn-27631.exe
1936	Unicorn-20017.exe
2284	Unicorn-10355.exe
2728	Unicorn-51388.exe
2444	Unicorn-31522.exe
1928	Unicorn-31496.exe
2708	Unicorn-51362.exe
2840	Unicorn-26858.exe
1088	Unicorn-2908.exe
2304	Unicorn-22774.exe
592	Unicorn-26701.exe
488	Unicorn-50651.exe
1616	Unicorn-23407.exe
2516	Unicorn-27299.exe
1632	Unicorn-35467.exe
2296	Unicorn-11517.exe
2796	Unicorn-10962.exe
1848	Unicorn-52550.exe
2164	Unicorn-59512.exe
1548	Unicorn-35562.exe
960	Unicorn-34816.exe
1864	Unicorn-38900.exe
344	Unicorn-60067.exe
644	Unicorn-31286.exe
2804	Unicorn-51152.exe
3028	Unicorn-22372.exe
1488	Unicorn-22372.exe
2984	Unicorn-43346.exe
1500	Unicorn-63212.exe
2332	Unicorn-9927.exe
1572	Unicorn-51515.exe
2240	Unicorn-38189.exe
2572	Unicorn-14239.exe
2424	Unicorn-17577.exe
1736	Unicorn-9963.exe
2420	Unicorn-13492.exe
2604	Unicorn-13492.exe
2876	Unicorn-18131.exe
2888	Unicorn-42081.exe
2856	Unicorn-63056.exe
2520	Unicorn-17385.exe
2864	Unicorn-22346.exe
2000	Unicorn-26430.exe
2020	Unicorn-6564.exe
1692	Unicorn-26430.exe
1120	Unicorn-26430.exe
624	Unicorn-55573.exe
780	Unicorn-9901.exe
1336	Unicorn-31068.exe
2292	Unicorn-42403.exe
2780	Unicorn-18453.exe
2064	Unicorn-46487.exe
3040	Unicorn-37935.exe
920	Unicorn-5817.exe
2116	Unicorn-9154.exe
1764	Unicorn-38489.exe
896	Unicorn-986.exe
2824	Unicorn-39279.exe
2820	Unicorn-56170.exe
560	Unicorn-52086.exe
2940	Unicorn-64338.exe
2624	Unicorn-14582.exe
2692	Unicorn-55615.exe

Loads dropped DLL 64 IoCs

pid	Process
1460	4004d222015c2a0f67f5364313009b50_NeikiAnalytics.exe
1460	4004d222015c2a0f67f5364313009b50_NeikiAnalytics.exe
2932	Unicorn-32618.exe
2932	Unicorn-32618.exe
1460	4004d222015c2a0f67f5364313009b50_NeikiAnalytics.exe
1460	4004d222015c2a0f67f5364313009b50_NeikiAnalytics.exe
1936	Unicorn-20017.exe
1936	Unicorn-20017.exe
2608	Unicorn-27631.exe
2932	Unicorn-32618.exe
2608	Unicorn-27631.exe
2932	Unicorn-32618.exe
2872	WerFault.exe
2872	WerFault.exe
2872	WerFault.exe
2872	WerFault.exe
2872	WerFault.exe
1936	Unicorn-20017.exe
1936	Unicorn-20017.exe
2284	Unicorn-10355.exe
2284	Unicorn-10355.exe
2728	Unicorn-51388.exe
2728	Unicorn-51388.exe
2608	Unicorn-27631.exe
2608	Unicorn-27631.exe
2444	Unicorn-31522.exe
2444	Unicorn-31522.exe
2004	WerFault.exe
2004	WerFault.exe
2004	WerFault.exe
2004	WerFault.exe
1316	WerFault.exe
1316	WerFault.exe
1316	WerFault.exe
1316	WerFault.exe
2004	WerFault.exe
1316	WerFault.exe
2708	Unicorn-51362.exe
2284	Unicorn-10355.exe
2284	Unicorn-10355.exe
2708	Unicorn-51362.exe
1928	Unicorn-31496.exe
1928	Unicorn-31496.exe
1088	Unicorn-2908.exe
1088	Unicorn-2908.exe
2304	Unicorn-22774.exe
2304	Unicorn-22774.exe
2444	Unicorn-31522.exe
2444	Unicorn-31522.exe
2840	Unicorn-26858.exe
2840	Unicorn-26858.exe
2728	Unicorn-51388.exe
2728	Unicorn-51388.exe
1540	WerFault.exe
1540	WerFault.exe
1540	WerFault.exe
1540	WerFault.exe
1540	WerFault.exe
452	WerFault.exe
452	WerFault.exe
452	WerFault.exe
452	WerFault.exe
452	WerFault.exe
452	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2648	1460	WerFault.exe	27
2872	2932	WerFault.exe	28
2004	1936	WerFault.exe	30
1316	2608	WerFault.exe	29
1540	2284	WerFault.exe	32
452	2728	WerFault.exe	33
2372	2444	WerFault.exe	34
636	2708	WerFault.exe	37
1924	1928	WerFault.exe	36
2612	1088	WerFault.exe	39
2684	2304	WerFault.exe	40
2452	2840	WerFault.exe	38
1092	592	WerFault.exe	44
3036	1616	WerFault.exe	45
500	2296	WerFault.exe	48
2368	2796	WerFault.exe	49
2736	1632	WerFault.exe	47
1660	1848	WerFault.exe	50
2456	2164	WerFault.exe	54
1920	960	WerFault.exe	56
908	344	WerFault.exe	58
1640	1864	WerFault.exe	57
2808	2804	WerFault.exe	60
2816	644	WerFault.exe	59
1496	3028	WerFault.exe	61
2476	1572	WerFault.exe	66
2744	2984	WerFault.exe	63
2868	2332	WerFault.exe	65
2880	1500	WerFault.exe	64
1776	1488	WerFault.exe	62
868	2240	WerFault.exe	69
2660	2572	WerFault.exe	70
1712	2424	WerFault.exe	72
1008	1736	WerFault.exe	74
1512	2420	WerFault.exe	77
2068	2604	WerFault.exe	76
3092	2520	WerFault.exe	81
3160	1692	WerFault.exe	86
3176	2864	WerFault.exe	82
3236	2020	WerFault.exe	83
3284	2000	WerFault.exe	84
3588	1120	WerFault.exe	85
3716	2876	WerFault.exe	78
3852	804	WerFault.exe	150
4004	2212	WerFault.exe	168
3128	1764	WerFault.exe	102
3268	2856	WerFault.exe	80
3320	780	WerFault.exe	88
3524	2824	WerFault.exe	104
3552	1952	WerFault.exe	169
3620	2780	WerFault.exe	93
3660	624	WerFault.exe	87
3924	1336	WerFault.exe	89
3992	560	WerFault.exe	106
4000	2292	WerFault.exe	92
4064	2888	WerFault.exe	79
3084	2692	WerFault.exe	109
3232	2624	WerFault.exe	108
3400	2948	WerFault.exe	110
3412	2940	WerFault.exe	107
3572	1192	WerFault.exe	117
3612	2200	WerFault.exe	118
3844	2844	WerFault.exe	114
3804	768	WerFault.exe	126

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1460	4004d222015c2a0f67f5364313009b50_NeikiAnalytics.exe
2932	Unicorn-32618.exe
1936	Unicorn-20017.exe
2608	Unicorn-27631.exe
2284	Unicorn-10355.exe
2728	Unicorn-51388.exe
2444	Unicorn-31522.exe
2708	Unicorn-51362.exe
1928	Unicorn-31496.exe
2304	Unicorn-22774.exe
1088	Unicorn-2908.exe
2840	Unicorn-26858.exe
488	Unicorn-50651.exe
592	Unicorn-26701.exe
1616	Unicorn-23407.exe
2516	Unicorn-27299.exe
1632	Unicorn-35467.exe
2296	Unicorn-11517.exe
2796	Unicorn-10962.exe
1848	Unicorn-52550.exe
2164	Unicorn-59512.exe
960	Unicorn-34816.exe
1864	Unicorn-38900.exe
344	Unicorn-60067.exe
2804	Unicorn-51152.exe
644	Unicorn-31286.exe
3028	Unicorn-22372.exe
1488	Unicorn-22372.exe
1500	Unicorn-63212.exe
2332	Unicorn-9927.exe
2984	Unicorn-43346.exe
1572	Unicorn-51515.exe
2240	Unicorn-38189.exe
2572	Unicorn-14239.exe
2424	Unicorn-17577.exe
1736	Unicorn-9963.exe
2420	Unicorn-13492.exe
2604	Unicorn-13492.exe
2876	Unicorn-18131.exe
2520	Unicorn-17385.exe
2888	Unicorn-42081.exe
2856	Unicorn-63056.exe
2864	Unicorn-22346.exe
2000	Unicorn-26430.exe
2020	Unicorn-6564.exe
1692	Unicorn-26430.exe
1120	Unicorn-26430.exe
780	Unicorn-9901.exe
624	Unicorn-55573.exe
1336	Unicorn-31068.exe
2292	Unicorn-42403.exe
2780	Unicorn-18453.exe
2064	Unicorn-46487.exe
3040	Unicorn-37935.exe
920	Unicorn-5817.exe
2116	Unicorn-9154.exe
1764	Unicorn-38489.exe
896	Unicorn-986.exe
2824	Unicorn-39279.exe
2820	Unicorn-56170.exe
560	Unicorn-52086.exe
2940	Unicorn-64338.exe
2624	Unicorn-14582.exe
2692	Unicorn-55615.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1460 wrote to memory of 2932	1460	4004d222015c2a0f67f5364313009b50_NeikiAnalytics.exe	28
PID 1460 wrote to memory of 2932	1460	4004d222015c2a0f67f5364313009b50_NeikiAnalytics.exe	28
PID 1460 wrote to memory of 2932	1460	4004d222015c2a0f67f5364313009b50_NeikiAnalytics.exe	28
PID 1460 wrote to memory of 2932	1460	4004d222015c2a0f67f5364313009b50_NeikiAnalytics.exe	28
PID 2932 wrote to memory of 2608	2932	Unicorn-32618.exe	29
PID 2932 wrote to memory of 2608	2932	Unicorn-32618.exe	29
PID 2932 wrote to memory of 2608	2932	Unicorn-32618.exe	29
PID 2932 wrote to memory of 2608	2932	Unicorn-32618.exe	29
PID 1460 wrote to memory of 1936	1460	4004d222015c2a0f67f5364313009b50_NeikiAnalytics.exe	30
PID 1460 wrote to memory of 1936	1460	4004d222015c2a0f67f5364313009b50_NeikiAnalytics.exe	30
PID 1460 wrote to memory of 1936	1460	4004d222015c2a0f67f5364313009b50_NeikiAnalytics.exe	30
PID 1460 wrote to memory of 1936	1460	4004d222015c2a0f67f5364313009b50_NeikiAnalytics.exe	30
PID 1460 wrote to memory of 2648	1460	4004d222015c2a0f67f5364313009b50_NeikiAnalytics.exe	31
PID 1460 wrote to memory of 2648	1460	4004d222015c2a0f67f5364313009b50_NeikiAnalytics.exe	31
PID 1460 wrote to memory of 2648	1460	4004d222015c2a0f67f5364313009b50_NeikiAnalytics.exe	31
PID 1460 wrote to memory of 2648	1460	4004d222015c2a0f67f5364313009b50_NeikiAnalytics.exe	31
PID 1936 wrote to memory of 2284	1936	Unicorn-20017.exe	32
PID 1936 wrote to memory of 2284	1936	Unicorn-20017.exe	32
PID 1936 wrote to memory of 2284	1936	Unicorn-20017.exe	32
PID 1936 wrote to memory of 2284	1936	Unicorn-20017.exe	32
PID 2608 wrote to memory of 2728	2608	Unicorn-27631.exe	33
PID 2608 wrote to memory of 2728	2608	Unicorn-27631.exe	33
PID 2608 wrote to memory of 2728	2608	Unicorn-27631.exe	33
PID 2608 wrote to memory of 2728	2608	Unicorn-27631.exe	33
PID 2932 wrote to memory of 2444	2932	Unicorn-32618.exe	34
PID 2932 wrote to memory of 2444	2932	Unicorn-32618.exe	34
PID 2932 wrote to memory of 2444	2932	Unicorn-32618.exe	34
PID 2932 wrote to memory of 2444	2932	Unicorn-32618.exe	34
PID 2932 wrote to memory of 2872	2932	Unicorn-32618.exe	35
PID 2932 wrote to memory of 2872	2932	Unicorn-32618.exe	35
PID 2932 wrote to memory of 2872	2932	Unicorn-32618.exe	35
PID 2932 wrote to memory of 2872	2932	Unicorn-32618.exe	35
PID 1936 wrote to memory of 1928	1936	Unicorn-20017.exe	36
PID 1936 wrote to memory of 1928	1936	Unicorn-20017.exe	36
PID 1936 wrote to memory of 1928	1936	Unicorn-20017.exe	36
PID 1936 wrote to memory of 1928	1936	Unicorn-20017.exe	36
PID 2284 wrote to memory of 2708	2284	Unicorn-10355.exe	37
PID 2284 wrote to memory of 2708	2284	Unicorn-10355.exe	37
PID 2284 wrote to memory of 2708	2284	Unicorn-10355.exe	37
PID 2284 wrote to memory of 2708	2284	Unicorn-10355.exe	37
PID 2728 wrote to memory of 2840	2728	Unicorn-51388.exe	38
PID 2728 wrote to memory of 2840	2728	Unicorn-51388.exe	38
PID 2728 wrote to memory of 2840	2728	Unicorn-51388.exe	38
PID 2728 wrote to memory of 2840	2728	Unicorn-51388.exe	38
PID 2608 wrote to memory of 1088	2608	Unicorn-27631.exe	39
PID 2608 wrote to memory of 1088	2608	Unicorn-27631.exe	39
PID 2608 wrote to memory of 1088	2608	Unicorn-27631.exe	39
PID 2608 wrote to memory of 1088	2608	Unicorn-27631.exe	39
PID 2444 wrote to memory of 2304	2444	Unicorn-31522.exe	40
PID 2444 wrote to memory of 2304	2444	Unicorn-31522.exe	40
PID 2444 wrote to memory of 2304	2444	Unicorn-31522.exe	40
PID 2444 wrote to memory of 2304	2444	Unicorn-31522.exe	40
PID 1936 wrote to memory of 2004	1936	Unicorn-20017.exe	41
PID 1936 wrote to memory of 2004	1936	Unicorn-20017.exe	41
PID 1936 wrote to memory of 2004	1936	Unicorn-20017.exe	41
PID 1936 wrote to memory of 2004	1936	Unicorn-20017.exe	41
PID 2608 wrote to memory of 1316	2608	Unicorn-27631.exe	42
PID 2608 wrote to memory of 1316	2608	Unicorn-27631.exe	42
PID 2608 wrote to memory of 1316	2608	Unicorn-27631.exe	42
PID 2608 wrote to memory of 1316	2608	Unicorn-27631.exe	42
PID 2284 wrote to memory of 592	2284	Unicorn-10355.exe	44
PID 2284 wrote to memory of 592	2284	Unicorn-10355.exe	44
PID 2284 wrote to memory of 592	2284	Unicorn-10355.exe	44
PID 2284 wrote to memory of 592	2284	Unicorn-10355.exe	44

C:\Users\Admin\AppData\Local\Temp\4004d222015c2a0f67f5364313009b50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4004d222015c2a0f67f5364313009b50_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1460
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32618.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32618.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27631.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27631.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51388.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26858.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10962.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30208.exe
        9⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41879.exe
        10⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
        11⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8672.exe
        12⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64534.exe
        13⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20970.exe
        14⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42696.exe
        15⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9312 -s 216
        14⤵
        
        PID:11280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 236
        13⤵
        
        PID:10388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 236
        12⤵
        
        PID:8416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
        11⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 216
        10⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 236
        9⤵
        Program crash
        
        PID:3128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 236
        8⤵
        Program crash
        
        PID:1776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 236
        7⤵
        Program crash
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43346.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63591.exe
        8⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60633.exe
        9⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17951.exe
        10⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58267.exe
        11⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
        12⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39511.exe
        13⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64052.exe
        14⤵
        
        PID:12084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9556 -s 216
        14⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7276 -s 216
        13⤵
        
        PID:10668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 216
        12⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
        11⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 216
        10⤵
        
        PID:5220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 216
        9⤵
        Program crash
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
        8⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12714.exe
        9⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36119.exe
        10⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36192.exe
        11⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49041.exe
        12⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30752.exe
        13⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50176.exe
        14⤵
        
        PID:12756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11152 -s 216
        14⤵
        
        PID:13032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9212 -s 216
        13⤵
        
        PID:12144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 216
        12⤵
        
        PID:9992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 216
        11⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
        10⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 236
        9⤵
        
        PID:4616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 240
        8⤵
        Program crash
        
        PID:3588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 236
        7⤵
        Program crash
        
        PID:2744
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
        6⤵
        Program crash
        
        PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52550.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9927.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2138.exe
        8⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11240.exe
        9⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
        10⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34282.exe
        11⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28387.exe
        12⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62772.exe
        13⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41779.exe
        14⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20270.exe
        15⤵
        
        PID:7544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10676 -s 236
        15⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8964 -s 216
        14⤵
        
        PID:11744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 216
        13⤵
        
        PID:10188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
        12⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
        11⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 236
        10⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4717.exe
        9⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30198.exe
        10⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5335.exe
        11⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41065.exe
        12⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33226.exe
        13⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
        14⤵
        
        PID:13056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10300 -s 216
        14⤵
        
        PID:8572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8992 -s 220
        13⤵
        
        PID:11752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 216
        12⤵
        
        PID:10096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
        11⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
        10⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
        9⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 216
        8⤵
        Program crash
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23113.exe
        7⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7348.exe
        8⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53612.exe
        9⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47297.exe
        10⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41397.exe
        11⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13714.exe
        12⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33980.exe
        13⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10444 -s 216
        13⤵
        
        PID:12948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8200 -s 216
        12⤵
        
        PID:11176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
        11⤵
        
        PID:9008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 236
        10⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 236
        9⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 236
        8⤵
        Program crash
        
        PID:3612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 220
        7⤵
        Program crash
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55573.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        7⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7156.exe
        8⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16991.exe
        9⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22030.exe
        10⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8734.exe
        11⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64417.exe
        12⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46595.exe
        13⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51271.exe
        14⤵
        
        PID:12620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11244 -s 220
        14⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9176 -s 216
        13⤵
        
        PID:12008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 216
        12⤵
        
        PID:9924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 216
        11⤵
        
        PID:7296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
        10⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 236
        9⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58386.exe
        8⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30063.exe
        9⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28766.exe
        10⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9386.exe
        11⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51800.exe
        12⤵
        
        PID:12112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9500 -s 236
        12⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 236
        11⤵
        
        PID:10656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
        10⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 236
        9⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
        8⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28131.exe
        7⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57504.exe
        8⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33374.exe
        9⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14282.exe
        10⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21878.exe
        11⤵
        
        PID:11112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60918.exe
        12⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11112 -s 216
        12⤵
        
        PID:12512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8792 -s 236
        11⤵
        
        PID:11440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
        10⤵
        
        PID:9596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
        9⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 216
        8⤵
        
        PID:5352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 240
        7⤵
        Program crash
        
        PID:3660
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 240
        6⤵
        Program crash
        
        PID:1660
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2908.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27299.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51152.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42081.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55615.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64909.exe
        9⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38179.exe
        10⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27624.exe
        11⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20219.exe
        12⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38268.exe
        13⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64939.exe
        14⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11006.exe
        15⤵
        
        PID:12696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10384 -s 216
        15⤵
        
        PID:13304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9000 -s 216
        14⤵
        
        PID:11720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 216
        13⤵
        
        PID:10196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
        12⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
        11⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 236
        10⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 236
        9⤵
        Program crash
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49128.exe
        8⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57504.exe
        9⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18325.exe
        10⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9492.exe
        11⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42495.exe
        12⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35708.exe
        13⤵
        
        PID:5272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10680 -s 236
        13⤵
        
        PID:13160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8344 -s 216
        12⤵
        
        PID:11252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 236
        11⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 236
        10⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 216
        9⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 240
        8⤵
        Program crash
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
        7⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40213.exe
        8⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11619.exe
        9⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48428.exe
        10⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59959.exe
        11⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33372.exe
        12⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
        13⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
        14⤵
        
        PID:13020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10100 -s 236
        13⤵
        
        PID:12436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 236
        12⤵
        
        PID:10932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 216
        11⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 236
        10⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
        9⤵
        
        PID:5752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 236
        8⤵
        Program crash
        
        PID:3400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
        7⤵
        Program crash
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63056.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14582.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30976.exe
        8⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15319.exe
        9⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64956.exe
        10⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49762.exe
        11⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65468.exe
        12⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22309.exe
        13⤵
        
        PID:11996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9912 -s 236
        13⤵
        
        PID:7232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 236
        12⤵
        
        PID:10876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
        11⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
        10⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 216
        9⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
        8⤵
        Program crash
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32599.exe
        7⤵
        
        PID:2196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
        7⤵
        Program crash
        
        PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31286.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17385.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39279.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5319.exe
        8⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22227.exe
        9⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58978.exe
        10⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34308.exe
        11⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64417.exe
        12⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49947.exe
        13⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1743.exe
        14⤵
        
        PID:13264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10720 -s 220
        14⤵
        
        PID:12420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8728 -s 216
        13⤵
        
        PID:11828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 216
        12⤵
        
        PID:9564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
        11⤵
        
        PID:7288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 236
        10⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
        9⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 236
        8⤵
        Program crash
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34462.exe
        7⤵
        
        PID:804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 240
        8⤵
        Program crash
        
        PID:3852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
        7⤵
        Program crash
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64338.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10555.exe
        7⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48376.exe
        8⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49736.exe
        9⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51599.exe
        10⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31125.exe
        11⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28962.exe
        12⤵
        
        PID:11580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9260 -s 216
        12⤵
        
        PID:12484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 216
        11⤵
        
        PID:11000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 216
        10⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 236
        9⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 236
        8⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 216
        7⤵
        Program crash
        
        PID:3412
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 644 -s 240
        6⤵
        Program crash
        
        PID:2816
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 240
        5⤵
        Program crash
        
        PID:2612
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31522.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31522.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22774.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35467.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63212.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9901.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10306.exe
        8⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56357.exe
        9⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48205.exe
        10⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18382.exe
        11⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49752.exe
        12⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49179.exe
        13⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34935.exe
        14⤵
        
        PID:12596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10784 -s 216
        14⤵
        
        PID:12892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9188 -s 216
        13⤵
        
        PID:11636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 216
        12⤵
        
        PID:9952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
        11⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
        10⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 236
        9⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36491.exe
        8⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11079.exe
        9⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14681.exe
        10⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40515.exe
        11⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61431.exe
        12⤵
        
        PID:10692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29590.exe
        13⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10692 -s 216
        13⤵
        
        PID:12544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9132 -s 216
        12⤵
        
        PID:11620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 216
        11⤵
        
        PID:9960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 216
        10⤵
        
        PID:7620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
        9⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 240
        8⤵
        Program crash
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39641.exe
        7⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 220
        8⤵
        Program crash
        
        PID:3844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
        7⤵
        Program crash
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38895.exe
        7⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64525.exe
        8⤵
        
        PID:2212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 220
        9⤵
        Program crash
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45366.exe
        8⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60623.exe
        9⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36192.exe
        10⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28237.exe
        11⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46211.exe
        12⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39232.exe
        13⤵
        
        PID:13008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10988 -s 220
        13⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 216
        12⤵
        
        PID:12136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 236
        11⤵
        
        PID:10160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
        10⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 236
        9⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
        8⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52828.exe
        7⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12579.exe
        8⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20764.exe
        9⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54744.exe
        10⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36382.exe
        11⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46424.exe
        12⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10364 -s 216
        12⤵
        
        PID:12940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 236
        11⤵
        
        PID:10620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
        10⤵
        
        PID:8784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
        9⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 216
        8⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 240
        7⤵
        Program crash
        
        PID:3924
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
        6⤵
        Program crash
        
        PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51515.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47063.exe
        7⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6964.exe
        8⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58594.exe
        9⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52123.exe
        10⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49368.exe
        11⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48795.exe
        12⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30083.exe
        13⤵
        
        PID:12452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11156 -s 216
        13⤵
        
        PID:12672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8836 -s 220
        12⤵
        
        PID:11696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 216
        11⤵
        
        PID:10136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 236
        10⤵
        
        PID:7896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
        9⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 236
        8⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
        7⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45579.exe
        8⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31542.exe
        9⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57359.exe
        10⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6688 -s 224
        11⤵
        
        PID:8940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 236
        10⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
        9⤵
        
        PID:5808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 236
        8⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
        7⤵
        Program crash
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6777.exe
        6⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64525.exe
        7⤵
        
        PID:1952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 220
        8⤵
        Program crash
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42241.exe
        7⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61391.exe
        8⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27841.exe
        9⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
        10⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20062.exe
        11⤵
        
        PID:12280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10084 -s 216
        11⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 216
        10⤵
        
        PID:10924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
        8⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
        7⤵
        
        PID:3892
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 240
        6⤵
        Program crash
        
        PID:2476
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
        5⤵
        Program crash
        
        PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22346.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6066.exe
        7⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29627.exe
        8⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56046.exe
        9⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6643.exe
        10⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30484.exe
        11⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5562.exe
        12⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
        13⤵
        
        PID:12820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10464 -s 220
        13⤵
        
        PID:13040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8860 -s 220
        12⤵
        
        PID:12024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6448 -s 216
        11⤵
        
        PID:9720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
        10⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
        9⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 216
        8⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 216
        7⤵
        Program crash
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60062.exe
        6⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52273.exe
        7⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27598.exe
        8⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38366.exe
        9⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5335.exe
        10⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8200.exe
        11⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51172.exe
        12⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4099.exe
        13⤵
        
        PID:12648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10304 -s 216
        13⤵
        
        PID:8288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9096 -s 216
        12⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 216
        11⤵
        
        PID:9856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
        10⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 236
        9⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 236
        8⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44489.exe
        7⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51962.exe
        8⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47676.exe
        9⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38652.exe
        10⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
        11⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13035.exe
        12⤵
        
        PID:13116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11236 -s 216
        12⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8984 -s 220
        11⤵
        
        PID:11704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 216
        10⤵
        
        PID:9584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
        9⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
        8⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 240
        7⤵
        
        PID:5000
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
        6⤵
        Program crash
        
        PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10306.exe
        6⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48189.exe
        7⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62299.exe
        8⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27266.exe
        9⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25590.exe
        10⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
        11⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47643.exe
        12⤵
        
        PID:10596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 216
        11⤵
        
        PID:9808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 216
        10⤵
        
        PID:7608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 236
        9⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 216
        8⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50410.exe
        7⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12382.exe
        8⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6508.exe
        9⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
        10⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50648.exe
        11⤵
        
        PID:11976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9452 -s 236
        11⤵
        
        PID:12244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 236
        10⤵
        
        PID:10588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
        9⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
        8⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
        7⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7903.exe
        6⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62107.exe
        7⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64406.exe
        8⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5335.exe
        9⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
        10⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11846.exe
        11⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13938.exe
        12⤵
        
        PID:12384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10028 -s 216
        12⤵
        
        PID:12616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 216
        11⤵
        
        PID:11712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 216
        10⤵
        
        PID:9484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
        9⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
        8⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 236
        7⤵
        
        PID:4964
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
        6⤵
        Program crash
        
        PID:3236
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
        5⤵
        Program crash
        
        PID:500
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
      4⤵
      Program crash
      PID:2372
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2872
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10355.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10355.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51362.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59512.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38189.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42403.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8827.exe
        9⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36513.exe
        10⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36892.exe
        11⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
        12⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31584.exe
        13⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14617.exe
        14⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16959.exe
        15⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10292 -s 236
        15⤵
        
        PID:12928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 236
        14⤵
        
        PID:11124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 236
        13⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
        11⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 236
        10⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57488.exe
        9⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53228.exe
        10⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48423.exe
        11⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25056.exe
        12⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40626.exe
        13⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64421.exe
        14⤵
        
        PID:13084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10312 -s 216
        14⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 216
        13⤵
        
        PID:12268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 216
        12⤵
        
        PID:9972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
        11⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 236
        10⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
        9⤵
        Program crash
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1214.exe
        8⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17738.exe
        9⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40421.exe
        10⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43270.exe
        11⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41584.exe
        12⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39942.exe
        13⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
        14⤵
        
        PID:12316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10480 -s 216
        14⤵
        
        PID:12572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9200 -s 216
        13⤵
        
        PID:11596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 216
        12⤵
        
        PID:9944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
        11⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        10⤵
        
        PID:5784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 236
        9⤵
        
        PID:4172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
        8⤵
        Program crash
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18453.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33332.exe
        8⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20177.exe
        9⤵
        
        PID:488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49528.exe
        10⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
        11⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34189.exe
        12⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14098.exe
        13⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11395.exe
        14⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10608 -s 216
        14⤵
        
        PID:13128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8312 -s 216
        13⤵
        
        PID:11184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
        12⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 236
        11⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 216
        10⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 236
        9⤵
        Program crash
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37067.exe
        8⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33000.exe
        9⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11863.exe
        10⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33810.exe
        11⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49516.exe
        12⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52568.exe
        13⤵
        
        PID:11092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9708 -s 236
        13⤵
        
        PID:2060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 216
        12⤵
        
        PID:10776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
        11⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
        10⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 216
        9⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
        8⤵
        Program crash
        
        PID:3620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
        7⤵
        Program crash
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14239.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46487.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16996.exe
        8⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9377.exe
        9⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64925.exe
        10⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
        11⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4635.exe
        12⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12230.exe
        13⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41650.exe
        14⤵
        
        PID:12352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11024 -s 216
        14⤵
        
        PID:12576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8364 -s 220
        13⤵
        
        PID:11612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 216
        12⤵
        
        PID:9984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
        11⤵
        
        PID:7696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
        10⤵
        
        PID:5856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 236
        9⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26460.exe
        8⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11640.exe
        9⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
        10⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-359.exe
        11⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55126.exe
        12⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60918.exe
        13⤵
        
        PID:6780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10352 -s 216
        13⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8528 -s 216
        12⤵
        
        PID:11548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6308 -s 216
        11⤵
        
        PID:9996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
        10⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
        9⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
        8⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42054.exe
        7⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46326.exe
        8⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44505.exe
        9⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18574.exe
        10⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43831.exe
        11⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51426.exe
        12⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27478.exe
        13⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11224 -s 216
        13⤵
        
        PID:12468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8952 -s 216
        12⤵
        
        PID:11488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
        10⤵
        
        PID:7740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
        9⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 236
        8⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
        7⤵
        Program crash
        
        PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35562.exe
        5⤵
        Executes dropped EXE
        
        PID:1548
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
        5⤵
        Program crash
        
        PID:636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26701.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34816.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17577.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37935.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28864.exe
        8⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6793.exe
        9⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36145.exe
        10⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52315.exe
        11⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20356.exe
        12⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20970.exe
        13⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
        14⤵
        
        PID:13004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9264 -s 236
        13⤵
        
        PID:11296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 216
        12⤵
        
        PID:10316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 216
        11⤵
        
        PID:7552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
        10⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 236
        9⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31852.exe
        8⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23893.exe
        9⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63882.exe
        10⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-743.exe
        11⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        12⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34935.exe
        13⤵
        
        PID:12588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10432 -s 216
        13⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 216
        12⤵
        
        PID:11556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 216
        11⤵
        
        PID:9872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
        10⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
        9⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
        8⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4914.exe
        7⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63394.exe
        8⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37790.exe
        9⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43955.exe
        10⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37116.exe
        11⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18178.exe
        12⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51271.exe
        13⤵
        
        PID:12628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8788 -s 216
        12⤵
        
        PID:11540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 216
        11⤵
        
        PID:10144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 216
        10⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 236
        9⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 236
        8⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
        7⤵
        Program crash
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5817.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12527.exe
        7⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43550.exe
        8⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52481.exe
        9⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64567.exe
        10⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-551.exe
        11⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48110.exe
        12⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39211.exe
        13⤵
        
        PID:12552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10628 -s 216
        13⤵
        
        PID:12844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9160 -s 216
        12⤵
        
        PID:11644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 216
        11⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
        10⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
        9⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 236
        8⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52081.exe
        7⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35761.exe
        8⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29098.exe
        9⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18367.exe
        10⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58826.exe
        11⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38085.exe
        12⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11056 -s 236
        12⤵
        
        PID:12348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8824 -s 216
        11⤵
        
        PID:11408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
        10⤵
        
        PID:9624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 236
        9⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 236
        8⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 240
        7⤵
        
        PID:4400
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 240
        6⤵
        Program crash
        
        PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9963.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50031.exe
        6⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48402.exe
        7⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63446.exe
        8⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54043.exe
        9⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14723.exe
        10⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5562.exe
        11⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        12⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10452 -s 236
        12⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8212 -s 220
        11⤵
        
        PID:12016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 216
        10⤵
        
        PID:9356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 236
        9⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 236
        8⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
        7⤵
        
        PID:4524
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 236
        6⤵
        Program crash
        
        PID:1008
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 240
        5⤵
        Program crash
        
        PID:1092
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31496.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31496.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23407.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38900.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13492.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9154.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1619.exe
        8⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2709.exe
        9⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64733.exe
        10⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6321.exe
        11⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11926.exe
        12⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65323.exe
        13⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24354.exe
        14⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10308 -s 216
        14⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9088 -s 216
        13⤵
        
        PID:12252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 216
        12⤵
        
        PID:9888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
        11⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
        10⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 236
        9⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44105.exe
        8⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56565.exe
        9⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29290.exe
        10⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30811.exe
        11⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13325.exe
        12⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2225.exe
        12⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21209.exe
        13⤵
        
        PID:956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11120 -s 236
        13⤵
        
        PID:13292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8764 -s 220
        12⤵
        
        PID:11952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
        11⤵
        
        PID:9588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 216
        10⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
        9⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
        8⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22786.exe
        7⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11645.exe
        8⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34858.exe
        9⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40639.exe
        10⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21740.exe
        11⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41779.exe
        12⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16928.exe
        13⤵
        
        PID:12880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10624 -s 216
        13⤵
        
        PID:13168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9076 -s 216
        12⤵
        
        PID:11736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 216
        11⤵
        
        PID:10204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 236
        10⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 236
        9⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 236
        8⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
        7⤵
        Program crash
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56170.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10555.exe
        7⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41879.exe
        8⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36887.exe
        9⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45813.exe
        10⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34109.exe
        11⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30425.exe
        12⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
        13⤵
        
        PID:13208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11288 -s 236
        13⤵
        
        PID:8664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8320 -s 236
        12⤵
        
        PID:11868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 216
        11⤵
        
        PID:10260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 216
        10⤵
        
        PID:8368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
        9⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 216
        8⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42433.exe
        7⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4022.exe
        8⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56394.exe
        9⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42635.exe
        10⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9314.exe
        11⤵
        
        PID:11804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9416 -s 236
        11⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 216
        10⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 216
        9⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
        8⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 220
        7⤵
        
        PID:4200
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 240
        6⤵
        Program crash
        
        PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18131.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-986.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13871.exe
        7⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61147.exe
        8⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        9⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52336.exe
        10⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53701.exe
        11⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24997.exe
        12⤵
        
        PID:10712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10712 -s 220
        13⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 216
        12⤵
        
        PID:11820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 236
        11⤵
        
        PID:9904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
        10⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
        9⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 236
        8⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5869.exe
        7⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33187.exe
        8⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29669.exe
        9⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21029.exe
        10⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15567.exe
        11⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46092.exe
        12⤵
        
        PID:12780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11080 -s 216
        12⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 236
        11⤵
        
        PID:12236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 216
        10⤵
        
        PID:9460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
        9⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 236
        8⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
        7⤵
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10150.exe
        6⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58983.exe
        7⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25595.exe
        8⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8677.exe
        9⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14282.exe
        10⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1457.exe
        11⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
        12⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11084 -s 216
        12⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8800 -s 216
        11⤵
        
        PID:11400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 216
        10⤵
        
        PID:9604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 236
        9⤵
        
        PID:7364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
        8⤵
        
        PID:5532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 236
        7⤵
        
        PID:5176
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 220
        6⤵
        Program crash
        
        PID:3716
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
        5⤵
        Program crash
        
        PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60067.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13492.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
        6⤵
        Program crash
        
        PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52086.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21464.exe
        6⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48184.exe
        7⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2050.exe
        8⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42310.exe
        9⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7074.exe
        10⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50082.exe
        11⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62947.exe
        12⤵
        
        PID:12412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11188 -s 216
        12⤵
        
        PID:12580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8908 -s 216
        11⤵
        
        PID:11456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 236
        10⤵
        
        PID:9748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 216
        9⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
        8⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 236
        7⤵
        
        PID:5356
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 236
        6⤵
        Program crash
        
        PID:3992
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 220
        5⤵
        Program crash
        
        PID:908
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
      4⤵
      Program crash
      PID:1924
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2004
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 240
  2⤵
  - Program crash
  PID:2648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18574.exe

Filesize
184KB

MD5
374169ec3d01262d679a0a3b27bb5fdb

SHA1
806fd7dd64ab60d32c723005cd59db2a0d93f078

SHA256
6664cb0f95f011c3cc57bb31f79c7d17dfa049e3a7e827c2dee2426ea9df9d81

SHA512
cb2d217ce15351a9dcac39882dcdc5cae975cb91cab59af9461672f253def21e79f4efdc4afa8c82148d816b9f0bdca82a39986bca56bdb62b79d0875a869c71

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe

Filesize
184KB

MD5
b43b7e3472d1f160a2ea9a85f58d47bf

SHA1
880006938f571b0b51a4033c55ff80fc4d63c2fd

SHA256
cc69b153183fa4a994d328323d74956a2a1173db4b931264cbcdad5f07d8562c

SHA512
2414ea5f52eb2e389e1dd53b8048d2513fb610919da3cbe6693f229ab4b66ddc95474b77316511c33132d7225a70c4fa52c56e4f486980f51a8f88ad81531851

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26701.exe

Filesize
184KB

MD5
e36f2dac47b819348ea46773decfef4a

SHA1
e6ab6f967a47404eec2a13828d2a128ea8417cc3

SHA256
7a1ae0a38d5bbd8b55e25da4fd2693f5e8e286b9b75eb17a6c82c0658feafd7f

SHA512
53b7907ecc3218faf192a1f8286833a04851a9b63686f3ff7b1daa4fba6602fbf655110ecc479e85535d4b41d7ce07edf8952106be5b946575cb38676cd3ff21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39641.exe

Filesize
184KB

MD5
3d98d36e794932c75e3eb67cd7d559a8

SHA1
8c5c5e4019b54887c58e5d4e129c3a058a21d0d1

SHA256
b1a4a46e0600e7b75b808486fece731832e269f4b929104777a9040afc1ecd59

SHA512
37917101034478128c1ac8887b32723ffe86c4059e07597460008c991b9a79626534d94cb76ad0e216b1192f1ecfaea762de45692b8f80d47b7539d18043c8ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42495.exe

Filesize
184KB

MD5
8a2cc8640116f7491b7da8fc5c7247cf

SHA1
b299aae09109a5981e90e3ee6569013fd147ad89

SHA256
c70c9a777dd2f32983387ced79da109613e81779cef33563d2d40d83c3ce750f

SHA512
6d091a73160e2c28f005a559016bf1bd72522488b6fdfc26a6fcf8f3f6d29b8d73962d53840ccfc9268390abe09f61c5564825ab321e10313478db7a16931e04

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44105.exe

Filesize
184KB

MD5
3b4c1d78f864010a074159b6ef52043b

SHA1
ecbdf753f880b02e937658283f9e7b7a47073b0e

SHA256
2a2bd2479de753d57fc3d6567ca122d7bcc2d211af1ec6794dba6e1cfdf43b93

SHA512
c626399f4ac7c1b68f2d98caf51b34f802244bb87eb7a60d7e3919b3d972bc55517abd142615aa7ef92839028b9c53c3ff5929b3bf73bb02f2cb0c2c3f30d3ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6793.exe

Filesize
184KB

MD5
3ac8214370e0486fd64273ee2e769b70

SHA1
f646e6dcdb0ed72f2d1fb23f1075e00d1dc89772

SHA256
3a748b641eca5056278e008cfe6995762814eed710564e10ec01a5f84c3a91ef

SHA512
12610303a345e2fbd65247e05d22ec1f2e0ae6f358156d97898f4a83c27a5faab3211f7ce6b82edb6e73c0f6a9a9f2d3b09a1220eacf77f3f4ec2a66e9ec65ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe

Filesize
184KB

MD5
eeb432c4db0d8ba7e4fb23a9c25da9fe

SHA1
863d75b1aac81cc6b5fa3deda820860597453727

SHA256
35475bc00e970c6b26338a08740d269e717cb3cb97b48569a78a2ca79c3a8bd7

SHA512
5155452de712c5cef046a42a20e27c2d067aabbe5875d6872b4e683fe81263d70ce10168b5ad02d9609d5b42c60adb1e79a30d113a8446af8da1c34c8f1cb4f4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10355.exe

Filesize
184KB

MD5
7c94dbde093886c688b917dca7d46ad0

SHA1
326e6de7c960e48b341fb0981fb6356badadf7d5

SHA256
35ca56e3e85ee4383083818f18a13caa5b8a109c0ee24f9fe8bb1ef2252b82e5

SHA512
df00e137cfcfd5e9a0a5a7397aa4bc61c45f751a12da9cc1092e0446c9c6b21b7151d4c6065e9f97a7d453ba4cfa748ef33725e1ce3bed963dba4069d2d2af8d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22774.exe

Filesize
184KB

MD5
e480505d9baecc51daffc2eb353c1fec

SHA1
e2051d4da366b5051f789d85846de02fdc9c66e0

SHA256
0b4c5a286f80d66dff38e9acc34dd71de7e4d458c3e264ae9305eccc070e7564

SHA512
2648acd7f2a2a1d1ee3176eac0b605f58fc0d647565c6ea468e62291577d9c7b913ef6b5deea0d17b776c2c466282d858d6ef2fa493bfe6de7da93bcf478a06f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23407.exe

Filesize
184KB

MD5
e1310e3c41ab35e177e03e9fc3dbb8d2

SHA1
6bcca5cc914c8a195121da60a122d3a1287bc59a

SHA256
eea4472488a1e6a0eb47e7b1f510d86d827f59b92e15a6e6099359e822bd7fed

SHA512
566c85baf13c62f263f4fbb29f5428523f0cc7f1dfc9ed1a60055e03a914abf1a4de63844cbc8a501d9f3ad1a1fe67bce58128081b53c272bf6193b336a7be89

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26858.exe

Filesize
184KB

MD5
83bb5e02b337216587e5301cf7646a64

SHA1
ece3df8238ffe3720813b94e83e3c4e976f3c93c

SHA256
e6c08348ece941c06420607473d8be105b777f2d3cd13a4ac0f9540ad23a15e2

SHA512
a9244f701febba89be31f4f6cec49ae48449583488607ae1dd9fb43bc514616c0d0ecfa667c01f2cce616386f56e1c2444ecd3838f10c926fa32f456a02d8bf6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27631.exe

Filesize
184KB

MD5
3c1ff7fc0b1402a51568811fc20d19d5

SHA1
e91e28429b07c937272681923efb802e782a0a40

SHA256
37f732af2dea990602906d2418a3084291b1d0f7bed27d2cd0eb329320df85ef

SHA512
cb97e6975c47bb8c47574893727481dd13c7bb430aa934d05c600af726bfbc56857a38eced25bb76d0960af7757db3c11bbf2c407e7db456d3ccd8d26396e4e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2908.exe

Filesize
184KB

MD5
42ee929df44711b96c295e1ae3b6bba1

SHA1
dd5c21745f1ddf7848e7529534228433ffae3d15

SHA256
11feb41f420d033c1e66fb3d56c2ee2e3edb54e7616bb649b910970eff8f862d

SHA512
f52d24edba1b71a31179ba88fba90d66d6b00d55f9c6778a0414bd8b46cd542546d9cf0e241f375a455ad26af5959ba6a797ab6caace842ba7ce8ebf3e94407c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31496.exe

Filesize
184KB

MD5
17f18ad0f95fed03f8e86ff170cb8204

SHA1
6690a6e8f222c59cd4d25be3aadb3c13fcdd871c

SHA256
e8b1c45f855f9e8a76750c9b64b8d9c87e6a44ece6002c2482546f8107f841ba

SHA512
f933e4a8d96464dd600fb0cd4a4147e839b09a1c5362fc3246828486b13409966772759fe26f52a353b881562349fe197c02b61c33e29f572003f8bcb1f7258b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31522.exe

Filesize
184KB

MD5
981e18f12e6dcd31292021dd4167db46

SHA1
094070911b1964c189c78159d01fa86e71b7e554

SHA256
e23cc15f0948a4d012aba2f951b7bc6f9e1982f78c73aba83d638510abfe9758

SHA512
68cb0695ba301ef3ae77d704ea5546e1c69d83835a40ddac441e782a139061b02d8e8af63607134915edec0b1c866c031cc2aa572020d26e189bf6084346f683

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32618.exe

Filesize
184KB

MD5
8998eae4b48c615712e2dfdf3e818f81

SHA1
3e9de2ef6a929a9f3e8543bc8748ad873117b0b8

SHA256
32186f787810a678b2cc69995a47c93cd79a28987fcb004a00bf936e8f8e446d

SHA512
11c0063b1ddb26ffbbf45781a3038c671e5263288f8a907ef513940307138141c75d6aa833c97932f786b94060c537741633d42ae2aa626d625424790f8a1ed9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe

Filesize
184KB

MD5
b4eb1cef1cb0146fa9e35b4225d4caad

SHA1
3687d10f9ff2a8212f0424d7285d8a6b805fd07a

SHA256
eb6562f3b993e39b107086843fda042e7e32ae10e4102234eb481c1e6f944b86

SHA512
3e22e146dc7ea44b2f53008d531ac6ee8bb1bcb4c730b6415bc9b19c77460dd3ddb3355b9999c782e2a03da99fd869377454a1f327874b937b466db4acca9b61

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51362.exe

Filesize
184KB

MD5
6b77aec2d85358049276bd82e3bc4809

SHA1
01bcb9246c48233c6da7176d13bb8b2f7c7cff50

SHA256
0258c49e0b72d0c1d115f86c278bd5af176b18158960e18fa71dedc468cbd2ff

SHA512
c6e47d3eb89b613c649bcec880b06e95a9bd1de25c32c5bb3af0033dcbdef354ae12ca65c93a4e07258f1e9062104ef30e5f400357ebff2de6c594632e046d24

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51388.exe

Filesize
184KB

MD5
254501d16e075869e518371b9f684054

SHA1
2b4f9a9f39c097867736abb417d8ef3785b91d6c

SHA256
800f9953d5109b8c6a07e642cfb585f85c737dead1324b089bea37f0e1fe1207

SHA512
3b9bc6b69c3a6601a1dac2378fa2e3aaa8d79e82ee4f3dd3ffac1701427423393981119746076564046a8a493deec3963894130b44ba576ca15ffbc43ae698b5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads