7a08fb296fe2117ce72f5bdc9431e1547e2de1ee0ef9badf3bd8efb2e8fac2fb

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 11:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

41ea42b5a8191c4ccce9a1072884c4f0_NeikiAnalytics.exe
Size

184KB
MD5

41ea42b5a8191c4ccce9a1072884c4f0
SHA1

f4ec3c2bd363769e5653638b43930efab89ebd9c
SHA256

7a08fb296fe2117ce72f5bdc9431e1547e2de1ee0ef9badf3bd8efb2e8fac2fb
SHA512

c01ce13c074bd798500c1a0c7476d9b4cad11540827b13082fb7e8a535c6e14c03241c3a8913c0c18d20000675a61894d950bf8f80fcfaebda6d5539b37207f0
SSDEEP

3072:ChE33xoUh0TdyELTmELRKsZhlnniFyn3:ChKoZyErLYsZhlnniFy

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1856	Unicorn-5002.exe
2196	Unicorn-14213.exe
1636	Unicorn-59885.exe
2584	Unicorn-15604.exe
2328	Unicorn-65360.exe
2468	Unicorn-23773.exe
2564	Unicorn-58427.exe
2712	Unicorn-12755.exe
1412	Unicorn-37068.exe
2116	Unicorn-21286.exe
2108	Unicorn-41152.exe
2016	Unicorn-20898.exe
2952	Unicorn-9392.exe
1948	Unicorn-29258.exe
1928	Unicorn-63274.exe
320	Unicorn-51577.exe
1296	Unicorn-14073.exe
924	Unicorn-63829.exe
824	Unicorn-24606.exe
2128	Unicorn-8824.exe
2376	Unicorn-28690.exe
1288	Unicorn-21076.exe
348	Unicorn-45026.exe
888	Unicorn-37604.exe
2180	Unicorn-4185.exe
3052	Unicorn-58025.exe
2120	Unicorn-12353.exe
1700	Unicorn-61917.exe
1612	Unicorn-16246.exe
1420	Unicorn-20330.exe
2744	Unicorn-15727.exe
2620	Unicorn-8113.exe
2892	Unicorn-44123.exe
2636	Unicorn-11450.exe
2580	Unicorn-65290.exe
2980	Unicorn-23703.exe
2544	Unicorn-11813.exe
2532	Unicorn-39847.exe
2812	Unicorn-48015.exe
2568	Unicorn-48015.exe
2552	Unicorn-36317.exe
1776	Unicorn-60267.exe
1544	Unicorn-44678.exe
1764	Unicorn-44678.exe
1780	Unicorn-3090.exe
1312	Unicorn-7174.exe
1192	Unicorn-11258.exe
1028	Unicorn-56930.exe
1808	Unicorn-35400.exe
1088	Unicorn-19426.exe
748	Unicorn-51544.exe
1868	Unicorn-63796.exe
688	Unicorn-65420.exe
2140	Unicorn-51352.exe
2392	Unicorn-61144.exe
1728	Unicorn-52099.exe
1468	Unicorn-48145.exe
1516	Unicorn-4372.exe
2708	Unicorn-16625.exe
2748	Unicorn-62296.exe
2500	Unicorn-9203.exe
2488	Unicorn-41321.exe
2528	Unicorn-45405.exe
904	Unicorn-37599.exe

Loads dropped DLL 64 IoCs

pid	Process
1824	41ea42b5a8191c4ccce9a1072884c4f0_NeikiAnalytics.exe
1824	41ea42b5a8191c4ccce9a1072884c4f0_NeikiAnalytics.exe
1856	Unicorn-5002.exe
1824	41ea42b5a8191c4ccce9a1072884c4f0_NeikiAnalytics.exe
1856	Unicorn-5002.exe
1824	41ea42b5a8191c4ccce9a1072884c4f0_NeikiAnalytics.exe
2196	Unicorn-14213.exe
2196	Unicorn-14213.exe
1856	Unicorn-5002.exe
1856	Unicorn-5002.exe
1636	Unicorn-59885.exe
1636	Unicorn-59885.exe
2992	WerFault.exe
2992	WerFault.exe
2992	WerFault.exe
2992	WerFault.exe
2992	WerFault.exe
2196	Unicorn-14213.exe
2584	Unicorn-15604.exe
2196	Unicorn-14213.exe
2584	Unicorn-15604.exe
2468	Unicorn-23773.exe
2468	Unicorn-23773.exe
2328	Unicorn-65360.exe
2328	Unicorn-65360.exe
1636	Unicorn-59885.exe
1636	Unicorn-59885.exe
1348	WerFault.exe
1348	WerFault.exe
1348	WerFault.exe
1348	WerFault.exe
856	WerFault.exe
856	WerFault.exe
856	WerFault.exe
856	WerFault.exe
1348	WerFault.exe
856	WerFault.exe
2564	Unicorn-58427.exe
2564	Unicorn-58427.exe
2584	Unicorn-15604.exe
2584	Unicorn-15604.exe
2712	Unicorn-12755.exe
2712	Unicorn-12755.exe
1412	Unicorn-37068.exe
1412	Unicorn-37068.exe
2468	Unicorn-23773.exe
2468	Unicorn-23773.exe
2108	Unicorn-41152.exe
2108	Unicorn-41152.exe
2328	Unicorn-65360.exe
2328	Unicorn-65360.exe
2360	WerFault.exe
2360	WerFault.exe
2360	WerFault.exe
2360	WerFault.exe
2360	WerFault.exe
316	WerFault.exe
316	WerFault.exe
316	WerFault.exe
316	WerFault.exe
316	WerFault.exe
2096	WerFault.exe
2096	WerFault.exe
2096	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2740	1824	WerFault.exe	27
2992	1856	WerFault.exe	28
1348	2196	WerFault.exe	29
856	1636	WerFault.exe	30
2360	2584	WerFault.exe	32
316	2468	WerFault.exe	34
2096	2328	WerFault.exe	33
1624	2712	WerFault.exe	37
2960	2564	WerFault.exe	36
3000	1412	WerFault.exe	38
2944	2108	WerFault.exe	39
3044	2116	WerFault.exe	40
2012	1312	WerFault.exe	85
2268	2016	WerFault.exe	43
2388	2952	WerFault.exe	44
2448	1948	WerFault.exe	45
764	1928	WerFault.exe	46
292	1296	WerFault.exe	48
2816	924	WerFault.exe	49
2100	320	WerFault.exe	47
1688	2376	WerFault.exe	55
1556	2128	WerFault.exe	54
280	824	WerFault.exe	53
1512	348	WerFault.exe	57
3024	1288	WerFault.exe	56
880	1700	WerFault.exe	62
2920	2120	WerFault.exe	61
2256	2180	WerFault.exe	59
940	1612	WerFault.exe	63
2592	888	WerFault.exe	58
2684	1420	WerFault.exe	64
2576	2744	WerFault.exe	70
2872	2620	WerFault.exe	71
2792	2892	WerFault.exe	72
1724	2636	WerFault.exe	73
2188	2580	WerFault.exe	74
1584	2980	WerFault.exe	75
2760	1764	WerFault.exe	83
2136	1776	WerFault.exe	81
3132	2544	WerFault.exe	76
3124	2568	WerFault.exe	79
3140	2812	WerFault.exe	78
3260	2532	WerFault.exe	77
3268	1192	WerFault.exe	86
3292	1028	WerFault.exe	87
3364	2552	WerFault.exe	80
3372	1780	WerFault.exe	84
3400	1544	WerFault.exe	82
3420	3052	WerFault.exe	60
4080	1808	WerFault.exe	95
3352	688	WerFault.exe	100
3876	1468	WerFault.exe	104
4052	1800	WerFault.exe	119
3816	1088	WerFault.exe	97
3572	2796	WerFault.exe	112
3668	2528	WerFault.exe	110
4008	748	WerFault.exe	98
3532	2140	WerFault.exe	101
3768	1868	WerFault.exe	99
3772	1516	WerFault.exe	105
3204	2392	WerFault.exe	102
4076	1240	WerFault.exe	139
2884	2988	WerFault.exe	140
4108	2764	WerFault.exe	145

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1824	41ea42b5a8191c4ccce9a1072884c4f0_NeikiAnalytics.exe
1856	Unicorn-5002.exe
2196	Unicorn-14213.exe
1636	Unicorn-59885.exe
2584	Unicorn-15604.exe
2328	Unicorn-65360.exe
2468	Unicorn-23773.exe
2564	Unicorn-58427.exe
2712	Unicorn-12755.exe
1412	Unicorn-37068.exe
2108	Unicorn-41152.exe
2116	Unicorn-21286.exe
2016	Unicorn-20898.exe
2952	Unicorn-9392.exe
1948	Unicorn-29258.exe
1928	Unicorn-63274.exe
320	Unicorn-51577.exe
1296	Unicorn-14073.exe
924	Unicorn-63829.exe
2128	Unicorn-8824.exe
824	Unicorn-24606.exe
2376	Unicorn-28690.exe
1288	Unicorn-21076.exe
348	Unicorn-45026.exe
888	Unicorn-37604.exe
2180	Unicorn-4185.exe
3052	Unicorn-58025.exe
1700	Unicorn-61917.exe
2120	Unicorn-12353.exe
1420	Unicorn-20330.exe
1612	Unicorn-16246.exe
2744	Unicorn-15727.exe
2620	Unicorn-8113.exe
2892	Unicorn-44123.exe
2636	Unicorn-11450.exe
2580	Unicorn-65290.exe
2980	Unicorn-23703.exe
2544	Unicorn-11813.exe
2532	Unicorn-39847.exe
2552	Unicorn-36317.exe
2812	Unicorn-48015.exe
2568	Unicorn-48015.exe
1776	Unicorn-60267.exe
1544	Unicorn-44678.exe
1764	Unicorn-44678.exe
1780	Unicorn-3090.exe
1312	Unicorn-7174.exe
1192	Unicorn-11258.exe
1028	Unicorn-56930.exe
1808	Unicorn-35400.exe
1088	Unicorn-19426.exe
748	Unicorn-51544.exe
1868	Unicorn-63796.exe
688	Unicorn-65420.exe
2140	Unicorn-51352.exe
2392	Unicorn-61144.exe
1728	Unicorn-52099.exe
1468	Unicorn-48145.exe
1516	Unicorn-4372.exe
2708	Unicorn-16625.exe
2748	Unicorn-62296.exe
2500	Unicorn-9203.exe
2488	Unicorn-41321.exe
2528	Unicorn-45405.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1824 wrote to memory of 1856	1824	41ea42b5a8191c4ccce9a1072884c4f0_NeikiAnalytics.exe	28
PID 1824 wrote to memory of 1856	1824	41ea42b5a8191c4ccce9a1072884c4f0_NeikiAnalytics.exe	28
PID 1824 wrote to memory of 1856	1824	41ea42b5a8191c4ccce9a1072884c4f0_NeikiAnalytics.exe	28
PID 1824 wrote to memory of 1856	1824	41ea42b5a8191c4ccce9a1072884c4f0_NeikiAnalytics.exe	28
PID 1856 wrote to memory of 2196	1856	Unicorn-5002.exe	29
PID 1856 wrote to memory of 2196	1856	Unicorn-5002.exe	29
PID 1856 wrote to memory of 2196	1856	Unicorn-5002.exe	29
PID 1856 wrote to memory of 2196	1856	Unicorn-5002.exe	29
PID 1824 wrote to memory of 1636	1824	41ea42b5a8191c4ccce9a1072884c4f0_NeikiAnalytics.exe	30
PID 1824 wrote to memory of 1636	1824	41ea42b5a8191c4ccce9a1072884c4f0_NeikiAnalytics.exe	30
PID 1824 wrote to memory of 1636	1824	41ea42b5a8191c4ccce9a1072884c4f0_NeikiAnalytics.exe	30
PID 1824 wrote to memory of 1636	1824	41ea42b5a8191c4ccce9a1072884c4f0_NeikiAnalytics.exe	30
PID 1824 wrote to memory of 2740	1824	41ea42b5a8191c4ccce9a1072884c4f0_NeikiAnalytics.exe	31
PID 1824 wrote to memory of 2740	1824	41ea42b5a8191c4ccce9a1072884c4f0_NeikiAnalytics.exe	31
PID 1824 wrote to memory of 2740	1824	41ea42b5a8191c4ccce9a1072884c4f0_NeikiAnalytics.exe	31
PID 1824 wrote to memory of 2740	1824	41ea42b5a8191c4ccce9a1072884c4f0_NeikiAnalytics.exe	31
PID 2196 wrote to memory of 2584	2196	Unicorn-14213.exe	32
PID 2196 wrote to memory of 2584	2196	Unicorn-14213.exe	32
PID 2196 wrote to memory of 2584	2196	Unicorn-14213.exe	32
PID 2196 wrote to memory of 2584	2196	Unicorn-14213.exe	32
PID 1856 wrote to memory of 2328	1856	Unicorn-5002.exe	33
PID 1856 wrote to memory of 2328	1856	Unicorn-5002.exe	33
PID 1856 wrote to memory of 2328	1856	Unicorn-5002.exe	33
PID 1856 wrote to memory of 2328	1856	Unicorn-5002.exe	33
PID 1636 wrote to memory of 2468	1636	Unicorn-59885.exe	34
PID 1636 wrote to memory of 2468	1636	Unicorn-59885.exe	34
PID 1636 wrote to memory of 2468	1636	Unicorn-59885.exe	34
PID 1636 wrote to memory of 2468	1636	Unicorn-59885.exe	34
PID 1856 wrote to memory of 2992	1856	Unicorn-5002.exe	35
PID 1856 wrote to memory of 2992	1856	Unicorn-5002.exe	35
PID 1856 wrote to memory of 2992	1856	Unicorn-5002.exe	35
PID 1856 wrote to memory of 2992	1856	Unicorn-5002.exe	35
PID 2196 wrote to memory of 2564	2196	Unicorn-14213.exe	36
PID 2196 wrote to memory of 2564	2196	Unicorn-14213.exe	36
PID 2196 wrote to memory of 2564	2196	Unicorn-14213.exe	36
PID 2196 wrote to memory of 2564	2196	Unicorn-14213.exe	36
PID 2584 wrote to memory of 2712	2584	Unicorn-15604.exe	37
PID 2584 wrote to memory of 2712	2584	Unicorn-15604.exe	37
PID 2584 wrote to memory of 2712	2584	Unicorn-15604.exe	37
PID 2584 wrote to memory of 2712	2584	Unicorn-15604.exe	37
PID 2468 wrote to memory of 1412	2468	Unicorn-23773.exe	38
PID 2468 wrote to memory of 1412	2468	Unicorn-23773.exe	38
PID 2468 wrote to memory of 1412	2468	Unicorn-23773.exe	38
PID 2468 wrote to memory of 1412	2468	Unicorn-23773.exe	38
PID 2328 wrote to memory of 2108	2328	Unicorn-65360.exe	39
PID 2328 wrote to memory of 2108	2328	Unicorn-65360.exe	39
PID 2328 wrote to memory of 2108	2328	Unicorn-65360.exe	39
PID 2328 wrote to memory of 2108	2328	Unicorn-65360.exe	39
PID 1636 wrote to memory of 2116	1636	Unicorn-59885.exe	40
PID 1636 wrote to memory of 2116	1636	Unicorn-59885.exe	40
PID 1636 wrote to memory of 2116	1636	Unicorn-59885.exe	40
PID 1636 wrote to memory of 2116	1636	Unicorn-59885.exe	40
PID 2196 wrote to memory of 1348	2196	Unicorn-14213.exe	41
PID 2196 wrote to memory of 1348	2196	Unicorn-14213.exe	41
PID 2196 wrote to memory of 1348	2196	Unicorn-14213.exe	41
PID 2196 wrote to memory of 1348	2196	Unicorn-14213.exe	41
PID 1636 wrote to memory of 856	1636	Unicorn-59885.exe	42
PID 1636 wrote to memory of 856	1636	Unicorn-59885.exe	42
PID 1636 wrote to memory of 856	1636	Unicorn-59885.exe	42
PID 1636 wrote to memory of 856	1636	Unicorn-59885.exe	42
PID 2564 wrote to memory of 2016	2564	Unicorn-58427.exe	43
PID 2564 wrote to memory of 2016	2564	Unicorn-58427.exe	43
PID 2564 wrote to memory of 2016	2564	Unicorn-58427.exe	43
PID 2564 wrote to memory of 2016	2564	Unicorn-58427.exe	43

C:\Users\Admin\AppData\Local\Temp\41ea42b5a8191c4ccce9a1072884c4f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\41ea42b5a8191c4ccce9a1072884c4f0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1824
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5002.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5002.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14213.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14213.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15604.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12755.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29258.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45026.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23703.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4372.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44694.exe
        10⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58612.exe
        11⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10558.exe
        12⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49583.exe
        13⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63452.exe
        14⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47724.exe
        15⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9680 -s 216
        15⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 216
        14⤵
        
        PID:9972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
        13⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
        12⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 236
        11⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55275.exe
        10⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26895.exe
        11⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13594.exe
        12⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17049.exe
        13⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40324.exe
        14⤵
        
        PID:11716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9952 -s 216
        14⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 216
        13⤵
        
        PID:10336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
        12⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 236
        11⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
        10⤵
        Program crash
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49333.exe
        9⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40932.exe
        10⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30211.exe
        11⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
        12⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58408.exe
        13⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        14⤵
        
        PID:12148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9348 -s 216
        14⤵
        
        PID:11996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 216
        13⤵
        
        PID:9440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
        12⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 236
        11⤵
        
        PID:5612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
        10⤵
        Program crash
        
        PID:4108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
        9⤵
        Program crash
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56562.exe
        9⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29640.exe
        10⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24072.exe
        11⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        12⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15569.exe
        13⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31938.exe
        14⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9712 -s 216
        14⤵
        
        PID:12576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 216
        13⤵
        
        PID:10840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
        12⤵
        
        PID:8576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
        11⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 216
        10⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
        9⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4995.exe
        10⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12992.exe
        11⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58403.exe
        12⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28814.exe
        13⤵
        
        PID:11804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10104 -s 216
        13⤵
        
        PID:12612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 216
        12⤵
        
        PID:11148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 216
        11⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
        10⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
        9⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 240
        8⤵
        Program crash
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11813.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8108.exe
        8⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13495.exe
        9⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43039.exe
        10⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51420.exe
        11⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25025.exe
        12⤵
        
        PID:10000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55316.exe
        13⤵
        
        PID:11672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10000 -s 216
        13⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7216 -s 216
        12⤵
        
        PID:10344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
        11⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
        10⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 216
        9⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 216
        8⤵
        Program crash
        
        PID:3132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 240
        7⤵
        Program crash
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37604.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3090.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24793.exe
        8⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33018.exe
        9⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64149.exe
        10⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
        11⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22469.exe
        12⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5559.exe
        13⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
        14⤵
        
        PID:11712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9360 -s 236
        14⤵
        
        PID:13180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 216
        12⤵
        
        PID:9004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
        11⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 236
        10⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23863.exe
        9⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9053.exe
        10⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
        11⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20163.exe
        12⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12685.exe
        13⤵
        
        PID:12624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10744 -s 216
        13⤵
        
        PID:13284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7316 -s 236
        12⤵
        
        PID:11336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 216
        11⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
        10⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
        9⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29680.exe
        8⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31285.exe
        9⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42878.exe
        10⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61830.exe
        11⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29099.exe
        12⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58160.exe
        13⤵
        
        PID:12876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 216
        12⤵
        
        PID:11432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
        11⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
        10⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 216
        9⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 240
        8⤵
        Program crash
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
        7⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49546.exe
        8⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23501.exe
        9⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6832.exe
        10⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55333.exe
        11⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-707.exe
        12⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30864.exe
        13⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10064 -s 216
        13⤵
        
        PID:13068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
        12⤵
        
        PID:10628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
        11⤵
        
        PID:8992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
        10⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 236
        9⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56536.exe
        8⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30268.exe
        9⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28945.exe
        10⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
        11⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
        12⤵
        
        PID:11940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10020 -s 216
        12⤵
        
        PID:12676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 216
        11⤵
        
        PID:11048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
        10⤵
        
        PID:8768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        9⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
        8⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
        7⤵
        Program crash
        
        PID:2592
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
        6⤵
        Program crash
        
        PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9392.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28690.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15727.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64154.exe
        9⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7034.exe
        10⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61985.exe
        11⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40460.exe
        12⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28769.exe
        13⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49784.exe
        14⤵
        
        PID:11576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8600 -s 216
        14⤵
        
        PID:12220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 236
        13⤵
        
        PID:10032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
        12⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 236
        11⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25783.exe
        10⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44544.exe
        11⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3195.exe
        12⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9664.exe
        13⤵
        
        PID:11796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
        12⤵
        
        PID:10040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
        11⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 240
        10⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23733.exe
        9⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52473.exe
        10⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20175.exe
        11⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3942.exe
        12⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36385.exe
        13⤵
        
        PID:10964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 216
        13⤵
        
        PID:11724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 216
        12⤵
        
        PID:9372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
        11⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 236
        10⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
        9⤵
        Program crash
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52457.exe
        8⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8451.exe
        9⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25011.exe
        10⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1861.exe
        11⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34096.exe
        12⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61107.exe
        13⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9280 -s 216
        13⤵
        
        PID:11952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 236
        12⤵
        
        PID:10200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
        11⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 236
        10⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
        8⤵
        Program crash
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19426.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63962.exe
        8⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14626.exe
        9⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43402.exe
        10⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43833.exe
        11⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39023.exe
        12⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60858.exe
        13⤵
        
        PID:11696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 216
        13⤵
        
        PID:1992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 236
        12⤵
        
        PID:10080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
        11⤵
        
        PID:8120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
        10⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10900.exe
        9⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55701.exe
        10⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26387.exe
        11⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29338.exe
        12⤵
        
        PID:11832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8724 -s 236
        12⤵
        
        PID:12012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 216
        11⤵
        
        PID:10144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 236
        10⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
        9⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58399.exe
        8⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35618.exe
        9⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54186.exe
        10⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64739.exe
        11⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53323.exe
        12⤵
        
        PID:12016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8732 -s 216
        12⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 216
        11⤵
        
        PID:10152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 236
        10⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 240
        8⤵
        Program crash
        
        PID:3816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
        7⤵
        Program crash
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8113.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51544.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39266.exe
        8⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34108.exe
        9⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50631.exe
        10⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30450.exe
        11⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
        12⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44963.exe
        13⤵
        
        PID:12044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9432 -s 216
        13⤵
        
        PID:11944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6432 -s 216
        12⤵
        
        PID:10088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 216
        11⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 236
        10⤵
        
        PID:5828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 236
        9⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38746.exe
        8⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46739.exe
        9⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61259.exe
        10⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59368.exe
        11⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25503.exe
        12⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9604 -s 216
        12⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 216
        11⤵
        
        PID:10116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
        10⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
        9⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 240
        8⤵
        Program crash
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40012.exe
        7⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17772.exe
        8⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50823.exe
        9⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22967.exe
        10⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58216.exe
        11⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29395.exe
        12⤵
        
        PID:12240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9476 -s 216
        12⤵
        
        PID:11416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6688 -s 216
        11⤵
        
        PID:9404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 216
        10⤵
        
        PID:7376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
        9⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 216
        8⤵
        
        PID:4212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
        7⤵
        Program crash
        
        PID:2872
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
        6⤵
        Program crash
        
        PID:2388
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20898.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24606.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11450.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51352.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        9⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28872.exe
        10⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58991.exe
        11⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32479.exe
        12⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38756.exe
        13⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47724.exe
        14⤵
        
        PID:4696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9660 -s 216
        14⤵
        
        PID:7332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 216
        13⤵
        
        PID:10220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
        12⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 236
        11⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 216
        10⤵
        Program crash
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37402.exe
        9⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21467.exe
        10⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7782.exe
        11⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13291.exe
        12⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48855.exe
        13⤵
        
        PID:12108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9520 -s 220
        13⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 216
        12⤵
        
        PID:9496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 216
        11⤵
        
        PID:7368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
        10⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
        9⤵
        Program crash
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15124.exe
        8⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36848.exe
        9⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-506.exe
        10⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 220
        11⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
        10⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 236
        9⤵
        Program crash
        
        PID:2884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
        8⤵
        Program crash
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61144.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22738.exe
        8⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25783.exe
        9⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60496.exe
        10⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58317.exe
        11⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9436.exe
        12⤵
        
        PID:11620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8716 -s 216
        12⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 236
        11⤵
        
        PID:10156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 236
        10⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 216
        9⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30386.exe
        8⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14450.exe
        9⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65535.exe
        10⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7536.exe
        11⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18560.exe
        12⤵
        
        PID:11588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9864 -s 216
        12⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 216
        11⤵
        
        PID:10288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 216
        10⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 236
        9⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
        8⤵
        Program crash
        
        PID:3204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 240
        7⤵
        Program crash
        
        PID:280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65290.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48145.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19998.exe
        8⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38192.exe
        9⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46355.exe
        10⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48275.exe
        11⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22031.exe
        12⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57402.exe
        13⤵
        
        PID:11760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9888 -s 216
        13⤵
        
        PID:12604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 216
        12⤵
        
        PID:10872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
        10⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
        9⤵
        
        PID:4144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 236
        8⤵
        Program crash
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4216.exe
        7⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9411.exe
        8⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55265.exe
        9⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-164.exe
        10⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14246.exe
        11⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25498.exe
        12⤵
        
        PID:12052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10172 -s 216
        12⤵
        
        PID:12724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 216
        11⤵
        
        PID:11164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 216
        10⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        9⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 216
        8⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
        7⤵
        Program crash
        
        PID:2188
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
        6⤵
        Program crash
        
        PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8824.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44123.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63796.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47626.exe
        8⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4175.exe
        9⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54523.exe
        10⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57175.exe
        11⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 200
        12⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
        11⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 236
        10⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 236
        9⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-646.exe
        8⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5130.exe
        9⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20419.exe
        10⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44293.exe
        11⤵
        
        PID:9924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9924 -s 220
        12⤵
        
        PID:11604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 216
        11⤵
        
        PID:10316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
        10⤵
        
        PID:8256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
        9⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
        8⤵
        Program crash
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52265.exe
        7⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25940.exe
        8⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21467.exe
        9⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
        10⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38756.exe
        11⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1299.exe
        12⤵
        
        PID:12080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9668 -s 216
        12⤵
        
        PID:12364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
        10⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 236
        9⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 236
        8⤵
        
        PID:4228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
        7⤵
        Program crash
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65420.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47470.exe
        7⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36329.exe
        8⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        9⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49744.exe
        10⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54558.exe
        11⤵
        
        PID:11208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7768 -s 216
        11⤵
        
        PID:11876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 216
        10⤵
        
        PID:9580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
        9⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 236
        8⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 216
        7⤵
        Program crash
        
        PID:3352
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
        6⤵
        Program crash
        
        PID:1556
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
        5⤵
        Program crash
        
        PID:2960
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65360.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65360.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41152.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14073.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12353.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48015.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8108.exe
        8⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9219.exe
        9⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15135.exe
        10⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
        11⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34646.exe
        12⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60360.exe
        13⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10192 -s 216
        13⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7408 -s 216
        12⤵
        
        PID:10592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
        11⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
        10⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 216
        9⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 216
        8⤵
        Program crash
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-651.exe
        7⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49546.exe
        8⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31477.exe
        9⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49702.exe
        10⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49578.exe
        11⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38590.exe
        12⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24917.exe
        13⤵
        
        PID:3984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10432 -s 216
        13⤵
        
        PID:13136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 216
        12⤵
        
        PID:11076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 216
        11⤵
        
        PID:8468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
        10⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 236
        9⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48176.exe
        8⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16153.exe
        9⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
        10⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36385.exe
        11⤵
        
        PID:10992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7764 -s 216
        11⤵
        
        PID:11676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
        9⤵
        
        PID:6816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
        8⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
        7⤵
        Program crash
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36317.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4180.exe
        7⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23506.exe
        8⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25556.exe
        9⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61212.exe
        10⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60164.exe
        11⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39882.exe
        12⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56084.exe
        13⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9320 -s 216
        13⤵
        
        PID:3800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 216
        12⤵
        
        PID:10644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 216
        11⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
        10⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 216
        9⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46531.exe
        8⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52660.exe
        9⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29328.exe
        10⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15757.exe
        11⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14527.exe
        12⤵
        
        PID:12092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 236
        12⤵
        
        PID:13128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 216
        11⤵
        
        PID:10940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
        10⤵
        
        PID:9052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
        9⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
        8⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24252.exe
        7⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27201.exe
        8⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-501.exe
        9⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45167.exe
        10⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44361.exe
        11⤵
        
        PID:11100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 216
        11⤵
        
        PID:11732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
        10⤵
        
        PID:9336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
        9⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 216
        8⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
        7⤵
        Program crash
        
        PID:3364
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 240
        6⤵
        Program crash
        
        PID:292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61917.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48015.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16625.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39842.exe
        8⤵
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2203.exe
        9⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9380.exe
        10⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46589.exe
        11⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59171.exe
        12⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39395.exe
        13⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9204 -s 216
        13⤵
        
        PID:12808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7840 -s 216
        12⤵
        
        PID:11240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 236
        11⤵
        
        PID:8800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
        10⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 744 -s 216
        9⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36307.exe
        8⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20948.exe
        9⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60164.exe
        10⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40266.exe
        11⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38269.exe
        12⤵
        
        PID:12256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9804 -s 216
        12⤵
        
        PID:12520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 216
        11⤵
        
        PID:10848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 216
        10⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
        9⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
        8⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32420.exe
        7⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2203.exe
        8⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58415.exe
        9⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19651.exe
        10⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55777.exe
        11⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9467.exe
        12⤵
        
        PID:12284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9744 -s 220
        12⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 236
        11⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 236
        10⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 236
        9⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 236
        8⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
        7⤵
        Program crash
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9203.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35758.exe
        7⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35753.exe
        8⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
        9⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62733.exe
        10⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20360.exe
        11⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36043.exe
        12⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9452 -s 216
        12⤵
        
        PID:12928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 236
        11⤵
        
        PID:11248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
        10⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
        9⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 216
        8⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3443.exe
        7⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18701.exe
        8⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58649.exe
        9⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25436.exe
        9⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
        10⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59831.exe
        11⤵
        
        PID:12836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7780 -s 216
        10⤵
        
        PID:11460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 220
        9⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
        8⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
        7⤵
        
        PID:4480
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 240
        6⤵
        Program crash
        
        PID:880
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 220
        5⤵
        Program crash
        
        PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63829.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16246.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60267.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 240
        7⤵
        Program crash
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41683.exe
        6⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49546.exe
        7⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37616.exe
        8⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
        9⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27492.exe
        10⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43774.exe
        11⤵
        
        PID:9444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20480.exe
        12⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9444 -s 216
        12⤵
        
        PID:12312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 220
        11⤵
        
        PID:10720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
        10⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
        9⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
        8⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54699.exe
        7⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8674.exe
        8⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22474.exe
        9⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17568.exe
        10⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50007.exe
        11⤵
        
        PID:12208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9388 -s 216
        11⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 216
        10⤵
        
        PID:9596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
        9⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 236
        8⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 220
        7⤵
        Program crash
        
        PID:3572
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
        6⤵
        Program crash
        
        PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44678.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45405.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24850.exe
        7⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21472.exe
        8⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56744.exe
        9⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63480.exe
        10⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55066.exe
        11⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58497.exe
        12⤵
        
        PID:12008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10228 -s 236
        12⤵
        
        PID:12336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 216
        11⤵
        
        PID:10600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 216
        10⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
        9⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 216
        8⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42254.exe
        7⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57683.exe
        8⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22282.exe
        9⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12523.exe
        10⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27667.exe
        11⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9196 -s 216
        11⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 216
        10⤵
        
        PID:1216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
        9⤵
        
        PID:2164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 236
        8⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
        7⤵
        Program crash
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21320.exe
        6⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 240
        7⤵
        
        PID:4484
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 220
        6⤵
        Program crash
        
        PID:2760
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 240
        5⤵
        Program crash
        
        PID:2816
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2096
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2992
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59885.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59885.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23773.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23773.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37068.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63274.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4185.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52099.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
        8⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17580.exe
        9⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40984.exe
        10⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14471.exe
        11⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
        12⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
        13⤵
        
        PID:11852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 216
        13⤵
        
        PID:7384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 216
        12⤵
        
        PID:10420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
        11⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 236
        10⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 236
        9⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30194.exe
        8⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43231.exe
        9⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55504.exe
        10⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        11⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52576.exe
        12⤵
        
        PID:11772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10132 -s 216
        12⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7256 -s 216
        11⤵
        
        PID:10524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 216
        10⤵
        
        PID:8316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 236
        9⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
        8⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 216
        7⤵
        Program crash
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44678.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
        7⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        8⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63957.exe
        9⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37641.exe
        10⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39739.exe
        11⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62897.exe
        12⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36928.exe
        13⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 216
        12⤵
        
        PID:11656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
        11⤵
        
        PID:9260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
        10⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 216
        9⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23671.exe
        8⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22074.exe
        9⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45302.exe
        10⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9638.exe
        11⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17896.exe
        12⤵
        
        PID:12984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
        11⤵
        
        PID:11476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
        10⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
        9⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 220
        8⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9068.exe
        7⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43537.exe
        8⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41918.exe
        9⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49962.exe
        10⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23754.exe
        11⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52602.exe
        12⤵
        
        PID:12552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10688 -s 216
        12⤵
        
        PID:13300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 216
        11⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
        10⤵
        
        PID:9156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
        9⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 236
        8⤵
        
        PID:4924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
        7⤵
        Program crash
        
        PID:3400
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
        6⤵
        Program crash
        
        PID:764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58025.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 200
        7⤵
        Program crash
        
        PID:2012
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 236
        6⤵
        Program crash
        
        PID:3420
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 240
        5⤵
        Program crash
        
        PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51577.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20330.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11258.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41321.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28934.exe
        8⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35753.exe
        9⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27445.exe
        10⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31021.exe
        11⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39903.exe
        12⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19707.exe
        13⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 216
        13⤵
        
        PID:12916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 216
        12⤵
        
        PID:11232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
        11⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
        10⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 216
        9⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3443.exe
        8⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4777.exe
        9⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50097.exe
        10⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25404.exe
        11⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30864.exe
        12⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9860 -s 216
        12⤵
        
        PID:13060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7980 -s 216
        11⤵
        
        PID:10444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 216
        10⤵
        
        PID:8908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
        9⤵
        
        PID:6900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 220
        8⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29680.exe
        7⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35753.exe
        8⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16537.exe
        9⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61062.exe
        10⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59202.exe
        11⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57397.exe
        12⤵
        
        PID:3952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10360 -s 216
        12⤵
        
        PID:13172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 216
        11⤵
        
        PID:11156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 216
        10⤵
        
        PID:9132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
        9⤵
        
        PID:6776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 236
        8⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 220
        7⤵
        Program crash
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37599.exe
        6⤵
        Executes dropped EXE
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19422.exe
        7⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6780.exe
        8⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16345.exe
        9⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        10⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38590.exe
        11⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36977.exe
        12⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10456 -s 216
        12⤵
        
        PID:13152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 216
        11⤵
        
        PID:11092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
        9⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 236
        8⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27947.exe
        7⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1845.exe
        8⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33050.exe
        9⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17615.exe
        10⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        11⤵
        
        PID:13024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 236
        10⤵
        
        PID:11500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
        9⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
        8⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 240
        7⤵
        
        PID:5124
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 240
        6⤵
        Program crash
        
        PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56930.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45213.exe
        6⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3085.exe
        7⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65301.exe
        8⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63298.exe
        9⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25458.exe
        10⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29483.exe
        11⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60215.exe
        12⤵
        
        PID:12780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10808 -s 236
        12⤵
        
        PID:12396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 236
        11⤵
        
        PID:11400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
        10⤵
        
        PID:9180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
        9⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 236
        8⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 236
        7⤵
        Program crash
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4984.exe
        6⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19225.exe
        7⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53044.exe
        8⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39936.exe
        9⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10909.exe
        10⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41393.exe
        11⤵
        
        PID:12168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9384 -s 236
        11⤵
        
        PID:12432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7452 -s 216
        10⤵
        
        PID:10652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
        9⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 236
        8⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 216
        7⤵
        
        PID:4804
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 240
        6⤵
        Program crash
        
        PID:3292
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
        5⤵
        Program crash
        
        PID:2100
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21286.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21076.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
        6⤵
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9068.exe
        6⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39680.exe
        7⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55509.exe
        8⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23071.exe
        9⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1133.exe
        10⤵
        
        PID:11924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 236
        10⤵
        
        PID:12252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 216
        9⤵
        
        PID:9484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
        8⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 216
        7⤵
        
        PID:6028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 220
        6⤵
        Program crash
        
        PID:3260
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 236
        5⤵
        Program crash
        
        PID:3024
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 236
      4⤵
      Program crash
      PID:3044
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:856
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 240
  2⤵
  - Program crash
  PID:2740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1861.exe

Filesize
184KB

MD5
aaa957e6965179be78960510076280fa

SHA1
3cc0399283e518530f72255915e24a58c9db18df

SHA256
1e3c138a121beb221ebe44cede41fcb64b7f21e796940086e19b5e25544c358c

SHA512
b2e8c78e3dd1f57333c81f90025aa76432577c9001da8938978a06ed59ea487c989aba3b71cdd7c7cf76330c96fe84fd281cb5455c74f02e19521b0ef8ad0711

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38269.exe

Filesize
184KB

MD5
13407708eeeb8bd6fe6a04c7aafa0255

SHA1
279bf42ccf19f6d4d9b9d74773cb019035883d99

SHA256
e4a66fa139fb38d4c38ec136457fc4efc84a0feb43604c1a320d5715290a1410

SHA512
28353cf6f9eb0790cad783f9e8dd421a13b8c8d5cf412b2a038e5213dfe5229c6aab1c6e5c6a14deda99aeafc247eb332a063ec065866989ae408decf0f43f2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39680.exe

Filesize
184KB

MD5
e0530e409b39403e556ad7f5ce668eaa

SHA1
637a42ad4d786553ac59f0d4984bd2a6c0568492

SHA256
47b5bea3b569347d8bbc82b22a9a4e4c3292de6db61993a5e0e94af5131d0696

SHA512
78579375eac815fae5e248de62d25696543a5cbc97e9b925368351204ff4c321d9c9d1a396d4625ee69f4fc0802b388f8aa0c06587f36eb0284f312885c66e26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40012.exe

Filesize
184KB

MD5
14cb8542f824104503a0ba3abc21625e

SHA1
a3b2d2a04e34c0f416f5638a82d1b7b27b6577d4

SHA256
4dadc176ade4a84e6d1d1bdb009281b32100c272f6ae74a38ad9da17d060dc6e

SHA512
ab5f23385dfd95ede1620430a9c24dae5195b75511ae65fa75731cc7d0dd886c08f7fd43d82f283410dc70ecc7544ef83e7ea4b66dd01cd29d75b38c2aeaca57

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41152.exe

Filesize
184KB

MD5
0e343e917deeb170bde4f61da8e2555c

SHA1
a86aba4cea5d6ce4314296b6a4131204b77f94c8

SHA256
7a57966c64d9950513fc5a8806e8f79ffae5582c145420457e4bbcc5b8ae9024

SHA512
aa20c7b5883bdd81e4a505747d6812e749e395540aa7bf7c166efa41e19ce7a1e9551afcc03210acd8b2056ce96cba57126f6da119c13d9089254b59cac34bfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63298.exe

Filesize
184KB

MD5
5688a5ecf4eebacd5941d68066a0d5fe

SHA1
fe3894bc1ec9eb9b227ad7708b09899b7ac30719

SHA256
7c6f8c577c2c9d1e13da3327407d5ff45bdc39aff6a45c8a60294ffe0a8271e3

SHA512
e6cb96117c201d5c85ac16202e30227b1c3c319673e7fb2f068977542e577889f80be37c754fd0dfe2dbc02138fa32dc535dcbf2cf695ff4bab923dc340a8f04

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65360.exe

Filesize
184KB

MD5
3360d8e506ad3246c3fb02ddcc53a2ae

SHA1
f4d1992ba0854d98594b83e5f13b80b9e3dd01da

SHA256
4007d77c36b47f273f505a44d9b817e040ca050911210f1f43069ded9a5e723b

SHA512
88742424876fe3a840a654bd2a69f56d52b0b3b5143753345a638d00f402bc71a0caf5f67a37fa8d62ccb266d345b6ea9f08382c760e00ddea3adc3b9c277c3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6780.exe

Filesize
184KB

MD5
9014ac7577ce93cf5ff4dd4024f7b2fd

SHA1
e819e44dfc404df71763592fc44219217fef7de0

SHA256
d32c16b2d7d7db57d6f15e535cbb6749dcbd0b1e61d5f2c510b8c3a3b572662c

SHA512
ff02e8dbd59b64ff68e4d0169e4b2a2bf8768a9f97cc77e0794a1439abf2dcbc232fc86460d0a977aa132d31243966f61bccff4786e80357679e053c98adf5af

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12755.exe

Filesize
184KB

MD5
3b40500cc4607073a2d1b524d8f458dc

SHA1
dc7d50778604959cce8aa4ed31fff60a193b569a

SHA256
7fd6a7a61726f0224182cbe57605038e5752dfec78f5b58ac35451473d3ebebb

SHA512
a19576b3b9f7a220a89ef8a958355a5fe3243ed5c32d24be44ffad3333749e80f2e1fbc198ae2f16deb3cb4a34f51326fdc4fb4cdab383a698fd6493cfeee814

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14213.exe

Filesize
184KB

MD5
2ee23fc9d1c3934ce6e3f0c04e32c120

SHA1
d6b421e3e165f4a92c4c7b67a67729d9db15c1ed

SHA256
d795dab1139a316db653fddac3eb76627719b838e97588199f75f60a6c1296a9

SHA512
e5b1052e2dc6688cf66ec090ff667959605a8ae7f5bbcc68707062ec7819affda0630a90ec6acaeb21719d9133ed59431c57efa891023ab513bf5a894405bdbe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15604.exe

Filesize
184KB

MD5
edd817f7719c9ad5c29feae0676aa2ab

SHA1
ed623436c958f6d5fac186f703172ce6bcb9a2dd

SHA256
d405de234fc99e26608ee9de6e4da56f6349cf3095edab9d5be246f725dfa837

SHA512
f34992429c9f1c0e83799184b8a05cf8f6df53773b88a0b4f13e5bec2ae9787ee2dd7b4355b227c7d9bc174fa904581b70c3b452e1501cc75edb313a2b82f6da

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20898.exe

Filesize
184KB

MD5
308f05d9617e0b136d88b2ca3c1d74f1

SHA1
60f8d5c6f9075753e1cae94ff16115e97d85d65e

SHA256
994d7324849309ead48308303eb37d111cf430bbc093579d79347d3bba1859bb

SHA512
1adb63bfac7708e63f45d69b290c0a5f94e0a843c1bf1337adc83825c02cf36f3554102693478129fd4a67220df78dc059816065792dc58647c1d0b44f58780e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21286.exe

Filesize
184KB

MD5
4a2146489a07e15773bec250a58c1b1d

SHA1
24d30c8cfd24975d9768edb4537c3d52f1c38b58

SHA256
efc95c9a2ed5c1755546736b5a0ce8074bb587e67e818244e92c47bdb12cadc7

SHA512
acd2f8fd9a32b10879ec0fdd30b4b5e6b5ffb3d4586742c5c1cff55b40be6d3fc796fa6a471fa5bb76b216ca761fc6342494fcaff5632d9c0691436e85c327a5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23773.exe

Filesize
184KB

MD5
7d4d5e0bc9af74acda0f3e1eb1a778b5

SHA1
bcaf174cee7fef4d3f10152adde64f041cbf144a

SHA256
9d13b7b2e435730a55c013f5ed1ddc7cc128d90bad43dc89f329072415b61dfe

SHA512
5312bbe61286598286035178f4fcf9cce3899e64fcd5556eb8eb871516a884603c70569511feb4898bd49a0c66d078faa877977bc199b792f1f415af8d7e00a8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29258.exe

Filesize
184KB

MD5
17ba141f257d501e3e876514ca14616e

SHA1
adf6916db30cbc04117e9fae853b29967c180d80

SHA256
8d7ecfc5f04ff22fd61c891cf10427c2e02d6021ac5ff79a98e038373c9710d0

SHA512
30c14544d05e11ff7b9f25f95ccfce7a6b4cf1a6fd3081f669838cc4ff81cc4c699c3630d4d388da947474adb05f8a80d0e80d273a38932a9f5564d40e4fc820

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37068.exe

Filesize
184KB

MD5
1033f7daedf3fec89069d71eed4f76fb

SHA1
ea9c41077eb9077ac39593a5bbb4665bb2816667

SHA256
36650d014a8ee3cbc2906ea77b3044e39bb4b0ac37a9c459b07222d8c5d52f96

SHA512
b7029695839709dc226d50906ffb573835081ed085cb11f276144ccd996a52ff8158e4091a66fe95665eef5937bbff31bdd1491911a63408049bd416a9897041

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5002.exe

Filesize
184KB

MD5
7e2d6c9f646be008af0ecd5500bed0ba

SHA1
f53240f8f57d9446664d0b7c8c63e3dcd869c42a

SHA256
fcc54d9d97205640ecef83bbde496e402682f685604b54e0a194ef442467c7b2

SHA512
a3649f3581b9d942d105bb49b03ed1a22e20697749f2fc340c30201b97ed703ac308c2d90450fc4a54f3ae031220586b977d2cccfc3090598328cfa6c0ca21fc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe

Filesize
184KB

MD5
132ba4617642b9f7c4b4bce22bf31af8

SHA1
93598204ce4ec667f9aab9d0ae7dd9a93159ebe0

SHA256
dcb66fc22f2c2606f98c79813cc1d59ddb008c3e6d7b15e65b630d520f7ac77f

SHA512
88fead579f4d9db715ef22d97582e64bb288121e2fc866a5f8a7b67cd2bdf258e9ce1634957a2815838207f78971461d2d0d0725e94d4f231b84552baf66abfa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59885.exe

Filesize
184KB

MD5
894ac56db722ca395b16544fb090e1d5

SHA1
996663b61fbd82a5290316d1c4440205b768e275

SHA256
8a335eafb6ba851bf730f97610c6730abb09f897d5271d1aff11e4b34107b0fc

SHA512
41e31bd267facb229a94fa0446594c65024aaecde62d689677e6f8209e454614fb396d5fa5bf92e637f28e6f805a0f5dfe5172951c1a29c7ca86375b3b0955db

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9392.exe

Filesize
184KB

MD5
ebffee15887af762daf681e62d38b94e

SHA1
2d809842c2756a168ffb1a98cef8467486b9fb92

SHA256
f45ffccfa13c96b8c98f0afa8abb7c80f5516aac49993bb505920ac147509975

SHA512
c5f4f14960b2cef445c8a9305a904e6916d0afd1883ef1ee40bf973a03285e05763840dd3aef56cd2adc0196baa0ad927479d54d588813dfb0d8c1fc740b5e13

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads