15ae1a306890e2a9043518d43ff866646d18c1fe221a53e4858cda06643c04fb

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 21:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5722381d575f4a038f4444916e61dd10_NeikiAnalytics.exe
Size

184KB
MD5

5722381d575f4a038f4444916e61dd10
SHA1

e6f28e9198372fd3338c2f68b48c52f764cb21a6
SHA256

15ae1a306890e2a9043518d43ff866646d18c1fe221a53e4858cda06643c04fb
SHA512

5bf99d96be8cbfeca1a07062d7755ada17e6c61647ed98dc9c434f8d556e1fe6264962d2a938aa5efbbcb9ac7d6ab995ad1f17bdaef3d2fe3ec1177a176c7a9c
SSDEEP

1536:R7S/6jZmu3BxoRxZryhAljwqHAIzZcpmd2xpLW2Czwtohl5hj5Vizpvg:5d73Bxo3pyhy3Hzze7pLWF+ohlnniFY

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2028	Unicorn-7218.exe
2948	Unicorn-52226.exe
2640	Unicorn-50835.exe
2244	Unicorn-59600.exe
2600	Unicorn-47156.exe
2488	Unicorn-27290.exe
1620	Unicorn-18651.exe
1360	Unicorn-52070.exe
1716	Unicorn-45293.exe
396	Unicorn-10482.exe
1248	Unicorn-25427.exe
2760	Unicorn-4657.exe
2164	Unicorn-24523.exe
1932	Unicorn-34829.exe
2200	Unicorn-34829.exe
1856	Unicorn-6603.exe
892	Unicorn-14216.exe
1408	Unicorn-44943.exe
1772	Unicorn-63972.exe
2652	Unicorn-44149.exe
756	Unicorn-31897.exe
1600	Unicorn-42757.exe
112	Unicorn-7200.exe
760	Unicorn-22145.exe
904	Unicorn-64569.exe
2900	Unicorn-9893.exe
2224	Unicorn-60293.exe
832	Unicorn-25483.exe
780	Unicorn-58902.exe
1968	Unicorn-52125.exe
2824	Unicorn-62986.exe
1652	Unicorn-7283.exe
2916	Unicorn-57039.exe
2536	Unicorn-11367.exe
2540	Unicorn-14060.exe
2672	Unicorn-64652.exe
2504	Unicorn-40702.exe
2552	Unicorn-60568.exe
1424	Unicorn-24174.exe
880	Unicorn-1061.exe
1368	Unicorn-1061.exe
2328	Unicorn-16006.exe
556	Unicorn-33734.exe
1568	Unicorn-64460.exe
1216	Unicorn-25566.exe
2236	Unicorn-56292.exe
1240	Unicorn-9784.exe
2752	Unicorn-40510.exe
2756	Unicorn-60376.exe
2472	Unicorn-28258.exe
1548	Unicorn-20173.exe
3012	Unicorn-12026.exe
3040	Unicorn-18803.exe
2156	Unicorn-18057.exe
3020	Unicorn-33001.exe
2220	Unicorn-9888.exe
1436	Unicorn-24833.exe
1892	Unicorn-58897.exe
1532	Unicorn-58897.exe
1756	Unicorn-62981.exe
2644	Unicorn-34947.exe
2588	Unicorn-42561.exe
2596	Unicorn-7750.exe
2484	Unicorn-46645.exe

Loads dropped DLL 64 IoCs

pid	Process
2388	5722381d575f4a038f4444916e61dd10_NeikiAnalytics.exe
2388	5722381d575f4a038f4444916e61dd10_NeikiAnalytics.exe
2028	Unicorn-7218.exe
2028	Unicorn-7218.exe
2388	5722381d575f4a038f4444916e61dd10_NeikiAnalytics.exe
2388	5722381d575f4a038f4444916e61dd10_NeikiAnalytics.exe
2640	Unicorn-50835.exe
2640	Unicorn-50835.exe
2948	Unicorn-52226.exe
2028	Unicorn-7218.exe
2948	Unicorn-52226.exe
2028	Unicorn-7218.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
2244	Unicorn-59600.exe
2244	Unicorn-59600.exe
2640	Unicorn-50835.exe
2640	Unicorn-50835.exe
2488	Unicorn-27290.exe
2488	Unicorn-27290.exe
2600	Unicorn-47156.exe
2600	Unicorn-47156.exe
2948	Unicorn-52226.exe
2948	Unicorn-52226.exe
1588	WerFault.exe
1588	WerFault.exe
1588	WerFault.exe
1588	WerFault.exe
1588	WerFault.exe
1468	WerFault.exe
1468	WerFault.exe
1468	WerFault.exe
1468	WerFault.exe
1468	WerFault.exe
2244	Unicorn-59600.exe
2244	Unicorn-59600.exe
1620	Unicorn-18651.exe
1620	Unicorn-18651.exe
1716	Unicorn-45293.exe
1716	Unicorn-45293.exe
1360	Unicorn-52070.exe
1360	Unicorn-52070.exe
2488	Unicorn-27290.exe
2488	Unicorn-27290.exe
1248	Unicorn-25427.exe
1248	Unicorn-25427.exe
396	Unicorn-10482.exe
396	Unicorn-10482.exe
2600	Unicorn-47156.exe
2600	Unicorn-47156.exe
2404	WerFault.exe
2404	WerFault.exe
2404	WerFault.exe
2404	WerFault.exe
2404	WerFault.exe
2096	WerFault.exe
2096	WerFault.exe
2096	WerFault.exe
2096	WerFault.exe
1116	WerFault.exe
1116	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2780	2388	WerFault.exe	27
1864	2028	WerFault.exe	28
1588	2640	WerFault.exe	30
1468	2948	WerFault.exe	29
2404	2244	WerFault.exe	32
1116	2600	WerFault.exe	33
2096	2488	WerFault.exe	34
1536	1620	WerFault.exe	36
2764	1360	WerFault.exe	37
2860	1716	WerFault.exe	38
2576	1248	WerFault.exe	40
2580	396	WerFault.exe	39
708	2164	WerFault.exe	44
1800	2200	WerFault.exe	46
2724	1932	WerFault.exe	45
1112	1856	WerFault.exe	47
2256	892	WerFault.exe	48
2808	1772	WerFault.exe	50
2100	1408	WerFault.exe	49
1812	756	WerFault.exe	55
2896	1600	WerFault.exe	56
792	2652	WerFault.exe	54
896	112	WerFault.exe	57
2788	760	WerFault.exe	58
1160	904	WerFault.exe	59
2768	2900	WerFault.exe	60
2124	780	WerFault.exe	63
2360	2824	WerFault.exe	65
1728	2224	WerFault.exe	61
2628	832	WerFault.exe	62
2052	1968	WerFault.exe	64
1684	2536	WerFault.exe	72
3104	2672	WerFault.exe	75
3128	880	WerFault.exe	80
3220	2552	WerFault.exe	77
3304	2540	WerFault.exe	74
3312	1368	WerFault.exe	79
3496	2756	WerFault.exe	88
3488	2752	WerFault.exe	87
3960	2504	WerFault.exe	76
3972	1216	WerFault.exe	84
4080	1424	WerFault.exe	78
3420	2916	WerFault.exe	71
3508	1548	WerFault.exe	97
3516	1652	WerFault.exe	69
3616	2328	WerFault.exe	81
3724	1756	WerFault.exe	106
3740	2484	WerFault.exe	110
3728	2644	WerFault.exe	107
3776	2508	WerFault.exe	111
3796	2472	WerFault.exe	89
3920	2596	WerFault.exe	109
4000	2588	WerFault.exe	108
4052	2044	WerFault.exe	124
3076	2236	WerFault.exe	85
3340	3012	WerFault.exe	98
3360	1188	WerFault.exe	121
3560	2452	WerFault.exe	137
3576	3040	WerFault.exe	99
3704	2136	WerFault.exe	138
4044	3024	WerFault.exe	142
4088	2476	WerFault.exe	112
1376	2616	WerFault.exe	139
3092	1512	WerFault.exe	141

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2388	5722381d575f4a038f4444916e61dd10_NeikiAnalytics.exe
2028	Unicorn-7218.exe
2948	Unicorn-52226.exe
2640	Unicorn-50835.exe
2244	Unicorn-59600.exe
2488	Unicorn-27290.exe
2600	Unicorn-47156.exe
1620	Unicorn-18651.exe
1360	Unicorn-52070.exe
1716	Unicorn-45293.exe
1248	Unicorn-25427.exe
396	Unicorn-10482.exe
2760	Unicorn-4657.exe
2164	Unicorn-24523.exe
1932	Unicorn-34829.exe
2200	Unicorn-34829.exe
1856	Unicorn-6603.exe
892	Unicorn-14216.exe
1408	Unicorn-44943.exe
1772	Unicorn-63972.exe
2652	Unicorn-44149.exe
756	Unicorn-31897.exe
1600	Unicorn-42757.exe
112	Unicorn-7200.exe
760	Unicorn-22145.exe
904	Unicorn-64569.exe
2900	Unicorn-9893.exe
832	Unicorn-25483.exe
2224	Unicorn-60293.exe
780	Unicorn-58902.exe
1968	Unicorn-52125.exe
2824	Unicorn-62986.exe
2536	Unicorn-11367.exe
2916	Unicorn-57039.exe
1652	Unicorn-7283.exe
2540	Unicorn-14060.exe
2672	Unicorn-64652.exe
2504	Unicorn-40702.exe
2552	Unicorn-60568.exe
880	Unicorn-1061.exe
1424	Unicorn-24174.exe
1368	Unicorn-1061.exe
2328	Unicorn-16006.exe
556	Unicorn-33734.exe
1568	Unicorn-64460.exe
1216	Unicorn-25566.exe
2236	Unicorn-56292.exe
2756	Unicorn-60376.exe
1240	Unicorn-9784.exe
2752	Unicorn-40510.exe
2472	Unicorn-28258.exe
1548	Unicorn-20173.exe
3012	Unicorn-12026.exe
3040	Unicorn-18803.exe
2156	Unicorn-18057.exe
3020	Unicorn-33001.exe
2220	Unicorn-9888.exe
1436	Unicorn-24833.exe
1532	Unicorn-58897.exe
1892	Unicorn-58897.exe
1756	Unicorn-62981.exe
2588	Unicorn-42561.exe
2644	Unicorn-34947.exe
2596	Unicorn-7750.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 2028	2388	5722381d575f4a038f4444916e61dd10_NeikiAnalytics.exe	28
PID 2388 wrote to memory of 2028	2388	5722381d575f4a038f4444916e61dd10_NeikiAnalytics.exe	28
PID 2388 wrote to memory of 2028	2388	5722381d575f4a038f4444916e61dd10_NeikiAnalytics.exe	28
PID 2388 wrote to memory of 2028	2388	5722381d575f4a038f4444916e61dd10_NeikiAnalytics.exe	28
PID 2028 wrote to memory of 2948	2028	Unicorn-7218.exe	29
PID 2028 wrote to memory of 2948	2028	Unicorn-7218.exe	29
PID 2028 wrote to memory of 2948	2028	Unicorn-7218.exe	29
PID 2028 wrote to memory of 2948	2028	Unicorn-7218.exe	29
PID 2388 wrote to memory of 2640	2388	5722381d575f4a038f4444916e61dd10_NeikiAnalytics.exe	30
PID 2388 wrote to memory of 2640	2388	5722381d575f4a038f4444916e61dd10_NeikiAnalytics.exe	30
PID 2388 wrote to memory of 2640	2388	5722381d575f4a038f4444916e61dd10_NeikiAnalytics.exe	30
PID 2388 wrote to memory of 2640	2388	5722381d575f4a038f4444916e61dd10_NeikiAnalytics.exe	30
PID 2388 wrote to memory of 2780	2388	5722381d575f4a038f4444916e61dd10_NeikiAnalytics.exe	31
PID 2388 wrote to memory of 2780	2388	5722381d575f4a038f4444916e61dd10_NeikiAnalytics.exe	31
PID 2388 wrote to memory of 2780	2388	5722381d575f4a038f4444916e61dd10_NeikiAnalytics.exe	31
PID 2388 wrote to memory of 2780	2388	5722381d575f4a038f4444916e61dd10_NeikiAnalytics.exe	31
PID 2640 wrote to memory of 2244	2640	Unicorn-50835.exe	32
PID 2640 wrote to memory of 2244	2640	Unicorn-50835.exe	32
PID 2640 wrote to memory of 2244	2640	Unicorn-50835.exe	32
PID 2640 wrote to memory of 2244	2640	Unicorn-50835.exe	32
PID 2948 wrote to memory of 2600	2948	Unicorn-52226.exe	33
PID 2948 wrote to memory of 2600	2948	Unicorn-52226.exe	33
PID 2948 wrote to memory of 2600	2948	Unicorn-52226.exe	33
PID 2948 wrote to memory of 2600	2948	Unicorn-52226.exe	33
PID 2028 wrote to memory of 2488	2028	Unicorn-7218.exe	34
PID 2028 wrote to memory of 2488	2028	Unicorn-7218.exe	34
PID 2028 wrote to memory of 2488	2028	Unicorn-7218.exe	34
PID 2028 wrote to memory of 2488	2028	Unicorn-7218.exe	34
PID 2028 wrote to memory of 1864	2028	Unicorn-7218.exe	35
PID 2028 wrote to memory of 1864	2028	Unicorn-7218.exe	35
PID 2028 wrote to memory of 1864	2028	Unicorn-7218.exe	35
PID 2028 wrote to memory of 1864	2028	Unicorn-7218.exe	35
PID 2244 wrote to memory of 1620	2244	Unicorn-59600.exe	36
PID 2244 wrote to memory of 1620	2244	Unicorn-59600.exe	36
PID 2244 wrote to memory of 1620	2244	Unicorn-59600.exe	36
PID 2244 wrote to memory of 1620	2244	Unicorn-59600.exe	36
PID 2640 wrote to memory of 1360	2640	Unicorn-50835.exe	37
PID 2640 wrote to memory of 1360	2640	Unicorn-50835.exe	37
PID 2640 wrote to memory of 1360	2640	Unicorn-50835.exe	37
PID 2640 wrote to memory of 1360	2640	Unicorn-50835.exe	37
PID 2488 wrote to memory of 1716	2488	Unicorn-27290.exe	38
PID 2488 wrote to memory of 1716	2488	Unicorn-27290.exe	38
PID 2488 wrote to memory of 1716	2488	Unicorn-27290.exe	38
PID 2488 wrote to memory of 1716	2488	Unicorn-27290.exe	38
PID 2600 wrote to memory of 396	2600	Unicorn-47156.exe	39
PID 2600 wrote to memory of 396	2600	Unicorn-47156.exe	39
PID 2600 wrote to memory of 396	2600	Unicorn-47156.exe	39
PID 2600 wrote to memory of 396	2600	Unicorn-47156.exe	39
PID 2948 wrote to memory of 1248	2948	Unicorn-52226.exe	40
PID 2948 wrote to memory of 1248	2948	Unicorn-52226.exe	40
PID 2948 wrote to memory of 1248	2948	Unicorn-52226.exe	40
PID 2948 wrote to memory of 1248	2948	Unicorn-52226.exe	40
PID 2640 wrote to memory of 1588	2640	Unicorn-50835.exe	41
PID 2640 wrote to memory of 1588	2640	Unicorn-50835.exe	41
PID 2640 wrote to memory of 1588	2640	Unicorn-50835.exe	41
PID 2640 wrote to memory of 1588	2640	Unicorn-50835.exe	41
PID 2948 wrote to memory of 1468	2948	Unicorn-52226.exe	42
PID 2948 wrote to memory of 1468	2948	Unicorn-52226.exe	42
PID 2948 wrote to memory of 1468	2948	Unicorn-52226.exe	42
PID 2948 wrote to memory of 1468	2948	Unicorn-52226.exe	42
PID 2244 wrote to memory of 2760	2244	Unicorn-59600.exe	43
PID 2244 wrote to memory of 2760	2244	Unicorn-59600.exe	43
PID 2244 wrote to memory of 2760	2244	Unicorn-59600.exe	43
PID 2244 wrote to memory of 2760	2244	Unicorn-59600.exe	43

C:\Users\Admin\AppData\Local\Temp\5722381d575f4a038f4444916e61dd10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5722381d575f4a038f4444916e61dd10_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7218.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7218.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52226.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52226.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47156.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10482.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44943.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52125.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60376.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60604.exe
        9⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13033.exe
        10⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33402.exe
        11⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4808.exe
        12⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44186.exe
        13⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
        14⤵
        
        PID:11024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8284 -s 216
        14⤵
        
        PID:11548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 216
        13⤵
        
        PID:9328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 216
        12⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
        11⤵
        
        PID:5808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 236
        10⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 216
        9⤵
        Program crash
        
        PID:3496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 236
        8⤵
        Program crash
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28258.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44507.exe
        8⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25094.exe
        9⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40994.exe
        10⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17445.exe
        11⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46132.exe
        12⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38779.exe
        13⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8332 -s 216
        13⤵
        
        PID:11576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 216
        12⤵
        
        PID:9416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
        11⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 216
        10⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 216
        9⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31870.exe
        8⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8622.exe
        9⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47896.exe
        10⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58145.exe
        11⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55442.exe
        12⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39249.exe
        13⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8876 -s 236
        12⤵
        
        PID:11600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 216
        11⤵
        
        PID:9556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
        10⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 236
        9⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
        8⤵
        Program crash
        
        PID:3796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 240
        7⤵
        Program crash
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62986.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20173.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6380.exe
        8⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7195.exe
        9⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        10⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
        11⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        12⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25759.exe
        13⤵
        
        PID:11124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 216
        13⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 220
        12⤵
        
        PID:10008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 216
        11⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 216
        10⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
        9⤵
        Program crash
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26224.exe
        8⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36827.exe
        9⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49842.exe
        10⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52271.exe
        11⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4871.exe
        12⤵
        
        PID:11172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9188 -s 216
        12⤵
        
        PID:11948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
        11⤵
        
        PID:9684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
        10⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
        9⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
        8⤵
        Program crash
        
        PID:3508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 236
        7⤵
        Program crash
        
        PID:2360
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 396 -s 240
        6⤵
        Program crash
        
        PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63972.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25483.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56292.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44507.exe
        8⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57958.exe
        9⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22712.exe
        10⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52639.exe
        11⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
        12⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42479.exe
        13⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50925.exe
        14⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8208 -s 216
        13⤵
        
        PID:12260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 220
        12⤵
        
        PID:8844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 216
        10⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 236
        9⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64735.exe
        8⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24959.exe
        9⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
        10⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41280.exe
        11⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18961.exe
        12⤵
        
        PID:10792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8560 -s 216
        12⤵
        
        PID:12092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6288 -s 216
        11⤵
        
        PID:9968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
        10⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 236
        9⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 220
        8⤵
        Program crash
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12389.exe
        7⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62042.exe
        8⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65451.exe
        9⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46500.exe
        10⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33169.exe
        11⤵
        
        PID:9488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 236
        11⤵
        
        PID:10516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
        10⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 216
        9⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 216
        8⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 240
        7⤵
        Program crash
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40510.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9696.exe
        7⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6811.exe
        8⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20600.exe
        9⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28571.exe
        10⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20538.exe
        11⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60081.exe
        12⤵
        
        PID:10804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8276 -s 216
        12⤵
        
        PID:11656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 216
        11⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
        10⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 236
        9⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20085.exe
        8⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7958.exe
        9⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        10⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        11⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21242.exe
        12⤵
        
        PID:8956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8400 -s 216
        11⤵
        
        PID:11256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
        10⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 236
        9⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 220
        8⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44123.exe
        7⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9224.exe
        8⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55213.exe
        9⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30351.exe
        10⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8716.exe
        11⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11887.exe
        12⤵
        
        PID:12192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8372 -s 216
        11⤵
        
        PID:11128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
        10⤵
        
        PID:8328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
        9⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 236
        8⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
        7⤵
        Program crash
        
        PID:3488
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 240
        6⤵
        Program crash
        
        PID:2808
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 220
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25427.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14216.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24174.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26033.exe
        7⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
        8⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60563.exe
        9⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30709.exe
        10⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24622.exe
        11⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55203.exe
        12⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47801.exe
        13⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8248 -s 236
        12⤵
        
        PID:10824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
        11⤵
        
        PID:8988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
        10⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 216
        9⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42643.exe
        8⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30517.exe
        9⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
        10⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39443.exe
        11⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2767.exe
        12⤵
        
        PID:2024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8436 -s 236
        11⤵
        
        PID:10988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
        10⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
        9⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 220
        8⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40038.exe
        7⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47325.exe
        8⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8150.exe
        9⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57486.exe
        10⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5618.exe
        11⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35357.exe
        12⤵
        
        PID:7896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8064 -s 216
        11⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 216
        10⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 236
        9⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 236
        8⤵
        
        PID:4232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 240
        7⤵
        Program crash
        
        PID:4080
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 236
        6⤵
        Program crash
        
        PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58902.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33734.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52675.exe
        7⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55820.exe
        8⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45654.exe
        9⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37756.exe
        10⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61373.exe
        11⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29407.exe
        12⤵
        
        PID:12120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9320 -s 236
        12⤵
        
        PID:11760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7000 -s 236
        11⤵
        
        PID:10428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 236
        10⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 216
        9⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 236
        8⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54429.exe
        7⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe
        8⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17829.exe
        9⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42515.exe
        10⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36340.exe
        11⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8780 -s 236
        11⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6448 -s 216
        10⤵
        
        PID:10208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 216
        9⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 216
        8⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 220
        7⤵
        
        PID:4496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24641.exe
        6⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35208.exe
        7⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43158.exe
        8⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6012.exe
        9⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4201.exe
        10⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61233.exe
        11⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59093.exe
        12⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8308 -s 216
        11⤵
        
        PID:11132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
        10⤵
        
        PID:9132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 236
        9⤵
        
        PID:6692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 236
        8⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33406.exe
        7⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18265.exe
        8⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42363.exe
        9⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42650.exe
        10⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59176.exe
        11⤵
        
        PID:12088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8908 -s 216
        10⤵
        
        PID:11468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 216
        9⤵
        
        PID:9564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 236
        8⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
        7⤵
        
        PID:4328
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 240
        6⤵
        Program crash
        
        PID:2124
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 240
        5⤵
        Program crash
        
        PID:2576
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27290.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45293.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34829.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64569.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9888.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56505.exe
        9⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44336.exe
        10⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14735.exe
        11⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
        12⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40294.exe
        13⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50263.exe
        14⤵
        
        PID:11004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9084 -s 220
        14⤵
        
        PID:12176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 216
        13⤵
        
        PID:10184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
        12⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
        11⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 236
        10⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50921.exe
        9⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17834.exe
        10⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61513.exe
        11⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61285.exe
        12⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33678.exe
        13⤵
        
        PID:6188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 236
        12⤵
        
        PID:10808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
        11⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 236
        10⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
        9⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58129.exe
        8⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27808.exe
        9⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50314.exe
        10⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18021.exe
        11⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20450.exe
        12⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3667.exe
        13⤵
        
        PID:11136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8892 -s 216
        13⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6232 -s 236
        12⤵
        
        PID:10016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
        11⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 236
        10⤵
        
        PID:5852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 236
        9⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 240
        8⤵
        Program crash
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24833.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30740.exe
        8⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15555.exe
        9⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3251.exe
        10⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26620.exe
        11⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62032.exe
        12⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10569.exe
        13⤵
        
        PID:12144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9944 -s 216
        13⤵
        
        PID:7792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 236
        12⤵
        
        PID:10692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
        11⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
        10⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 236
        9⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34584.exe
        8⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9665.exe
        9⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8721.exe
        10⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62608.exe
        11⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24467.exe
        12⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10020 -s 216
        12⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 236
        11⤵
        
        PID:10716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
        10⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
        9⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 240
        8⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 220
        7⤵
        Program crash
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16006.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46645.exe
        7⤵
        Executes dropped EXE
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16350.exe
        8⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26329.exe
        9⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1627.exe
        10⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7984.exe
        11⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21846.exe
        12⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47500.exe
        13⤵
        
        PID:11312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8624 -s 236
        12⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 216
        11⤵
        
        PID:9276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 236
        10⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 236
        9⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
        8⤵
        Program crash
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23126.exe
        7⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43625.exe
        8⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39536.exe
        9⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
        10⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5701.exe
        11⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8989.exe
        12⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8264 -s 236
        11⤵
        
        PID:11492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 216
        10⤵
        
        PID:9816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
        9⤵
        
        PID:7296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 216
        8⤵
        
        PID:5568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 220
        7⤵
        Program crash
        
        PID:3616
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
        6⤵
        Program crash
        
        PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9893.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64460.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44507.exe
        7⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6811.exe
        8⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        9⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15607.exe
        10⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5784.exe
        11⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26937.exe
        12⤵
        
        PID:11228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8304 -s 216
        12⤵
        
        PID:12012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
        11⤵
        
        PID:9824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 216
        10⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 216
        9⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 236
        8⤵
        Program crash
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17480.exe
        7⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12981.exe
        8⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14320.exe
        9⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48929.exe
        10⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63641.exe
        11⤵
        
        PID:11916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8764 -s 236
        11⤵
        
        PID:12256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 216
        10⤵
        
        PID:10328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 216
        9⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 216
        8⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 240
        7⤵
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51284.exe
        6⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12841.exe
        7⤵
        
        PID:1544
        
        C:\Unicorn-43433.exe
        
        \Unicorn-43433.exe
        8⤵
        
        PID:4144
        
        C:\Unicorn-37590.exe
        
        \Unicorn-37590.exe
        9⤵
        
        PID:5952
        
        C:\Unicorn-584.exe
        
        \Unicorn-584.exe
        10⤵
        
        PID:8992
        
        C:\Unicorn-42998.exe
        
        \Unicorn-42998.exe
        11⤵
        
        PID:10916
        
        C:\Unicorn-2767.exe
        
        \Unicorn-2767.exe
        12⤵
        
        PID:9056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8992 -s 216
        11⤵
        
        PID:11688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
        10⤵
        
        PID:9612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 216
        9⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 216
        8⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 236
        7⤵
        Program crash
        
        PID:4052
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
        6⤵
        Program crash
        
        PID:2768
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
        5⤵
        Program crash
        
        PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6603.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60293.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25566.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7750.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19064.exe
        8⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27097.exe
        9⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29614.exe
        10⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64030.exe
        11⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6900.exe
        12⤵
        
        PID:10600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 216
        12⤵
        
        PID:12048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 220
        11⤵
        
        PID:9840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
        10⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 236
        9⤵
        
        PID:5752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 236
        8⤵
        Program crash
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13396.exe
        7⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65415.exe
        8⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46552.exe
        9⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31119.exe
        10⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11923.exe
        11⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20500.exe
        12⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 216
        11⤵
        
        PID:11448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 236
        10⤵
        
        PID:9388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
        9⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 216
        8⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 220
        7⤵
        Program crash
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49338.exe
        6⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51736.exe
        7⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28851.exe
        8⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2971.exe
        9⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
        10⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6002.exe
        11⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55777.exe
        12⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9032 -s 216
        11⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 220
        10⤵
        
        PID:9620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 236
        9⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
        8⤵
        
        PID:5460
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
        6⤵
        Program crash
        
        PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9784.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30117.exe
        6⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27232.exe
        7⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24658.exe
        8⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11414.exe
        9⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29796.exe
        10⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32365.exe
        11⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26613.exe
        12⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8432 -s 220
        11⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 220
        10⤵
        
        PID:9448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
        9⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 216
        8⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
        7⤵
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        6⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6375.exe
        7⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29697.exe
        8⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6853.exe
        9⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18612.exe
        10⤵
        
        PID:936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9028 -s 220
        10⤵
        
        PID:3456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 220
        9⤵
        
        PID:10140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 216
        8⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 236
        7⤵
        
        PID:5248
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 240
        6⤵
        
        PID:4040
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 240
        5⤵
        Program crash
        
        PID:1112
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2096
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1864
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50835.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50835.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59600.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59600.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18651.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24523.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31897.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11367.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12026.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31461.exe
        9⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9141.exe
        10⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2016.exe
        11⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43236.exe
        12⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17305.exe
        13⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32884.exe
        14⤵
        
        PID:10640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8848 -s 216
        14⤵
        
        PID:11556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
        13⤵
        
        PID:9540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 236
        12⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
        11⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 236
        10⤵
        Program crash
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58897.exe
        9⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        10⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24226.exe
        10⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7605.exe
        11⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31223.exe
        12⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64565.exe
        13⤵
        
        PID:12232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9428 -s 216
        13⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 216
        12⤵
        
        PID:10472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 236
        11⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 220
        10⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 240
        9⤵
        Program crash
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42321.exe
        8⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13225.exe
        9⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22904.exe
        10⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31067.exe
        11⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17160.exe
        12⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60569.exe
        13⤵
        
        PID:11064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8920 -s 216
        13⤵
        
        PID:12168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 216
        12⤵
        
        PID:10100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 216
        11⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
        10⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 236
        9⤵
        Program crash
        
        PID:1376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
        8⤵
        Program crash
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18803.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49935.exe
        8⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4865.exe
        9⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28550.exe
        10⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4616.exe
        11⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19298.exe
        12⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-870.exe
        13⤵
        
        PID:11220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14936.exe
        14⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8732 -s 220
        13⤵
        
        PID:12268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 220
        12⤵
        
        PID:9984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
        11⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 236
        10⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30116.exe
        8⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
        9⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20787.exe
        10⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30159.exe
        11⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38182.exe
        12⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40894.exe
        13⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8488 -s 216
        12⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 216
        11⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 236
        10⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 236
        9⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
        8⤵
        Program crash
        
        PID:3576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 240
        7⤵
        Program crash
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14060.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42561.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55244.exe
        8⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41295.exe
        9⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26599.exe
        10⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8607.exe
        11⤵
        
        PID:8416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8416 -s 220
        12⤵
        
        PID:10732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 220
        11⤵
        
        PID:9888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
        10⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 216
        9⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
        8⤵
        Program crash
        
        PID:4000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
        7⤵
        Program crash
        
        PID:3304
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
        6⤵
        Program crash
        
        PID:708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42757.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64652.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18057.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37683.exe
        8⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64180.exe
        9⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47024.exe
        10⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27175.exe
        11⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37196.exe
        12⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-870.exe
        13⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 220
        13⤵
        
        PID:12276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6460 -s 216
        12⤵
        
        PID:10000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
        11⤵
        
        PID:7544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 236
        10⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 236
        9⤵
        Program crash
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48399.exe
        8⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40994.exe
        9⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23859.exe
        10⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36594.exe
        11⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58815.exe
        12⤵
        
        PID:10636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8604 -s 216
        12⤵
        
        PID:11288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 220
        11⤵
        
        PID:9512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 216
        10⤵
        
        PID:7952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
        9⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
        8⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
        7⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7003.exe
        8⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-345.exe
        9⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23475.exe
        10⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15021.exe
        11⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6708.exe
        12⤵
        
        PID:10848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8968 -s 216
        12⤵
        
        PID:12112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 216
        10⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
        9⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 236
        8⤵
        Program crash
        
        PID:4044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
        7⤵
        Program crash
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33001.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29323.exe
        7⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25286.exe
        8⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
        9⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47704.exe
        10⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5400.exe
        11⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28608.exe
        12⤵
        
        PID:10860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9096 -s 216
        12⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
        11⤵
        
        PID:9712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
        10⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
        9⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 236
        8⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9504.exe
        7⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28742.exe
        8⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60231.exe
        9⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 188
        10⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 216
        9⤵
        
        PID:7808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
        8⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
        7⤵
        
        PID:4388
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 240
        6⤵
        Program crash
        
        PID:2896
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
        5⤵
        Program crash
        
        PID:1536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4657.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44149.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7283.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46645.exe
        7⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28602.exe
        8⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37403.exe
        9⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4917.exe
        10⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44295.exe
        11⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31130.exe
        12⤵
        
        PID:11028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9068 -s 216
        12⤵
        
        PID:11812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 216
        11⤵
        
        PID:9696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
        10⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 236
        9⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 216
        8⤵
        Program crash
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57937.exe
        7⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59385.exe
        8⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47704.exe
        9⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
        10⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28992.exe
        11⤵
        
        PID:11084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9124 -s 216
        11⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 216
        10⤵
        
        PID:9724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
        9⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
        8⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
        7⤵
        Program crash
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6167.exe
        6⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25094.exe
        7⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39432.exe
        8⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7330.exe
        9⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46708.exe
        10⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18551.exe
        11⤵
        
        PID:920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8740 -s 220
        11⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7084 -s 216
        10⤵
        
        PID:9384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 216
        9⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 216
        8⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 236
        7⤵
        
        PID:4672
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
        6⤵
        Program crash
        
        PID:792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57039.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58897.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        7⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17502.exe
        8⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2758.exe
        9⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
        10⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53392.exe
        11⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65364.exe
        12⤵
        
        PID:12024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
        11⤵
        
        PID:10896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 236
        10⤵
        
        PID:9212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
        9⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 236
        8⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26992.exe
        7⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35431.exe
        8⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7434.exe
        9⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61368.exe
        10⤵
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26278.exe
        11⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 216
        10⤵
        
        PID:11016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
        9⤵
        
        PID:8392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
        8⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 220
        7⤵
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12820.exe
        6⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34881.exe
        7⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 220
        8⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 236
        7⤵
        
        PID:5476
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 220
        6⤵
        Program crash
        
        PID:3420
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34829.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7200.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60568.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59328.exe
        8⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-646.exe
        9⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62670.exe
        10⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62577.exe
        11⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47082.exe
        12⤵
        
        PID:10960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9152 -s 216
        12⤵
        
        PID:11704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 216
        11⤵
        
        PID:9640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
        10⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 236
        9⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 216
        8⤵
        Program crash
        
        PID:3724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 236
        7⤵
        Program crash
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34947.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59328.exe
        7⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5908.exe
        8⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65026.exe
        9⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25089.exe
        10⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3755.exe
        11⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55668.exe
        12⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8720 -s 216
        11⤵
        
        PID:11460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 236
        10⤵
        
        PID:9308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 236
        9⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 236
        8⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 216
        7⤵
        Program crash
        
        PID:3728
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 240
        6⤵
        Program crash
        
        PID:896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40702.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58897.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        7⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48503.exe
        8⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9987.exe
        9⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28597.exe
        10⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8031.exe
        11⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53722.exe
        12⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8552 -s 216
        11⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 216
        10⤵
        
        PID:9300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
        9⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 236
        8⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        7⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14071.exe
        8⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47071.exe
        9⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30590.exe
        10⤵
        
        PID:11144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8568 -s 216
        10⤵
        
        PID:11340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
        9⤵
        
        PID:9284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
        8⤵
        
        PID:6240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 240
        7⤵
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55991.exe
        6⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46941.exe
        7⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44606.exe
        8⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37341.exe
        9⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36620.exe
        10⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23380.exe
        11⤵
        
        PID:8832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8684 -s 216
        10⤵
        
        PID:11372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
        9⤵
        
        PID:9360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
        8⤵
        
        PID:6428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 216
        7⤵
        
        PID:4300
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
        6⤵
        Program crash
        
        PID:3960
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
        5⤵
        Program crash
        
        PID:1800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22145.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
        6⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29370.exe
        7⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30880.exe
        8⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29121.exe
        9⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10698.exe
        10⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7943.exe
        11⤵
        
        PID:11404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8464 -s 236
        11⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 216
        10⤵
        
        PID:9960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
        9⤵
        
        PID:7620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
        8⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 236
        7⤵
        
        PID:4132
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 216
        6⤵
        Program crash
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49338.exe
        5⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31316.exe
        6⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-345.exe
        7⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
        8⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36956.exe
        9⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50346.exe
        10⤵
        
        PID:11060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9088 -s 220
        10⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 216
        9⤵
        
        PID:9832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
        8⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 216
        7⤵
        
        PID:4248
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 236
        6⤵
        Program crash
        
        PID:4088
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 240
        5⤵
        Program crash
        
        PID:2788
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 240
      4⤵
      Program crash
      PID:2764
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1588
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
  2⤵
  - Program crash
  PID:2780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10482.exe

Filesize
184KB

MD5
d95547f2f86c963413e1464f4f0f9473

SHA1
caaf4b8af126ff30521c628d7c1ac7f071763555

SHA256
8035bb256afb20fdd5b2428fc4a980d24b738029ba4d00ecb311f7eb2d794382

SHA512
8801c856ba9007bf9f65e64bf25f2ae8cc5fb63209810c1a7ec156805cf01124047e157eef795b42e2377cea924a5bc232d8ab1aced06c68de5643ee23869110

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18021.exe

Filesize
184KB

MD5
e2fe140522418aec49d58e4fcab81bea

SHA1
0a0065c89c6581b2af713d5c96592ec42a7a2960

SHA256
df853383de46cd7b5c368cb6a03244e65fcbba5e7bf4d55e3f2a98a859c51613

SHA512
b69fffdacb2ae384c63f8a81e6016151acc3660f622f4ca25246aac9d471f57650e95d06a58fd8d3c12e350523f1bc9843edf4c3ee6d0b04e495904ec57145ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24523.exe

Filesize
184KB

MD5
2af9de79eb194279b3c7680da63d76d9

SHA1
e0d18ddff044f0d7c8af45aa786bc04cf3553a77

SHA256
0a9c00fe7c1b87653eaaf440fde7900c4954d9e80a9d82f78b8143c9f158bc67

SHA512
828db3aa966f0d78624e1c1081c125eba47e8786712d1976c9e13e9615b039f5c2aecf417babaf4a3da869bcbfbf209b85d9af254dbd358d656b09d75282cd58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36956.exe

Filesize
184KB

MD5
eb42e23f6264ac2b0ba32dd09ff7746c

SHA1
c4332bff556f5093748fbc20e9f3ffd4ffedabc8

SHA256
bfaff4230fb310d61994326ce3106064b71e68fcb40e0c67ab27f7e59ad20bb0

SHA512
c9afe37a21d5e47377e471a6e5e82501a666785674ecb81f928c8f95f338da9b050169da86bee9f213b55aeb2d51e8751ee278f6715ed6ff24c5a4f743ea85ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe

Filesize
184KB

MD5
c0748df109052e79a58dba20dbe3d63c

SHA1
023c9bc257611b0e6f660147ac8956141c2fb317

SHA256
3d44c7f5035ff3704544b742e354c7be5642a8dc66f54a7400a06d8a4f83c01c

SHA512
f6a26b7706ba813f7cb782234dcc8de79bd9d9998d8783813bd6d4f93b398b8f59fc400537d2352d4d442d29be9735f0dd2fc24b95a5818bb43265e065572b04

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40294.exe

Filesize
184KB

MD5
fd8c3a4f83cc0da14df97902e6cb92d9

SHA1
37dc4fe3ad7f20b33e172f3b91b05b1f33fc94e7

SHA256
d3ab8b1452e9873d719a8f4e8032f25a4c8bfaf3d67844359929a3d71fcd8dcd

SHA512
f0267564d5affb66cec5d975ef8817412a3b3f394c4ebb700dae769611a70bc65fdb9b38efa647b3a057218aea83b9155680dd3ac4f40c72d54edba073af75b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40510.exe

Filesize
184KB

MD5
ca53b9edb01ac83909dad787db52aadb

SHA1
e6a80d4710e362792dd0a456f02ffdea298617c8

SHA256
bf1e79bb16f293415485a1da5659cf54bacb246d4a320594ed518341116f8553

SHA512
d8ec7298b791772d2e655ae17c90c4ddf8b0de7cbf4f40910120c9f7396af2a1eea17384636d35780bae29e0d96d368c13cb157beff63e72f101c82379239d74

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40702.exe

Filesize
184KB

MD5
74735770bc4537925c8804a095c81969

SHA1
db3fca28d77050639462726a8fd784deeab9d6b8

SHA256
3aa4d902a13b95354a44564db259102523d412e766657a612869879f2f135d0c

SHA512
7434d4aa81571fa9eb8e647a4ebe9695a613aa991671f57f109424a4a329786d4b27fbcaf29dc47f1e62f8507a89cb8a60aa2e9ae9160dbc1dfbdd84a807d12d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40894.exe

Filesize
184KB

MD5
7cd2adbb870d1c44b82af3e2c1608038

SHA1
c354fdb9ad1a995a29a392d9e572cadae7e48ff2

SHA256
51c769230548c48c2f5042da23c3db5874a46858526be9ed7768c467ed240956

SHA512
d4b863f17dc9e672ac408c096b83c723fe1b88dd596d6b052c7a5b490fd65bc7ef8f3bdd2dad0cf4c17d006263cbc68bdc63c1f35b7c83308775d16cda1a997f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5618.exe

Filesize
184KB

MD5
f66e3ec06a2daf253b7d8b3ee1d6bd1e

SHA1
9ddc97d2b48b304c51de233a6cd15745620b0e14

SHA256
3b98922814ff45a0207bd1d0a5c92e21991633ae12bd10fd73c9c06986cb2e8f

SHA512
ccd145d94cc0353dca0f4efcb17706f5ed4f5773a6c4900a3566387a035f1ff8eab3bc53dc1356e76259fa1dad1e08745522562c16fedfc8c41025a886ecdb7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6380.exe

Filesize
184KB

MD5
78a07833fe394f48f45bbba3f31c4554

SHA1
b6f490ab94854fa56a5e617170f98aeba73569fe

SHA256
bf57e3cbbb0a35108c6e4ead0637f13b258f42a5b017ec24fce4926153e2c082

SHA512
91517ea2f5ac412c86ed028dfb4969c03cecc263bfadd15a57799164120db5e836279a622793e6bfcff9b5b7f9dde864da35ad0ffc85b8cea36caa48a20d9f52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe

Filesize
184KB

MD5
e825418dcd2afb480b5baab684f77685

SHA1
9382ac9f684002a461f30f9d2e5f6f09540a54ba

SHA256
30582ed3b21e37f870d006153c80a2916c759dd6f2ac368e49aa94d2bf11c779

SHA512
87e8959c4cca78214ac87ffa93b8c5978fecc4b22d27aca098ab41909b6a77d113e5fbb7e8b8f75fc00bcc588115a1e15c6101ffccb9148136643f9a9b608d55

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18651.exe

Filesize
184KB

MD5
8c6fabfc7ce485bfa6d4c994e350e436

SHA1
b0706a87876c9fbe54ffdbb83612270c50f38c9a

SHA256
b273dd73d2eea38b17bf2705bc000ec49b889dae0ee2f8db1f65ebbf1ceb8483

SHA512
ce2c4650c35179ff3bc74c04590b0075c5b17d2f4cca756060083e6ed24ad68517fd290f8d9baea314f707925ec990a2a61e42637caa9e21ebea3d3fcaaecb26

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25427.exe

Filesize
184KB

MD5
5c68888a7db8beee34ee46d9acf0175c

SHA1
0b417a97c912df30de348b3d1623c397021f721d

SHA256
7d92bf41d3b1b0627af089fe6ad4b108e64d0ee24da5365abe585ce860e320a8

SHA512
d348a335c03f89875f4dcd1a3b5f7bd4b2dee08353ef325e961221d9ff17c456b26c10d6bc21122b473b7c5cc731f41f0b5309e8a8ed16919572719acafd0b9a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27290.exe

Filesize
184KB

MD5
e447d9738326d1e7c13a4bb4828d3e57

SHA1
7000dbd36a2312b01f704727d6b6bfdba19046f2

SHA256
162092b8241e4a7cab8bd51b92d0141c602dd780fc8eb1b70fe70950fb988646

SHA512
9b1e3c0838e52fcd1e6396c2f774e5291529b49ee725d4bb43afe37b50fd851f49554f217f8a4deb53b05a0cf08f330388f9ca259a2d80accb4cbc473c902cad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34829.exe

Filesize
184KB

MD5
c37f6bc74fae109f5a8191beaa43313a

SHA1
0e29333407d21f559cab895cd045bbbbaa71ee26

SHA256
9bedaa25f3c5de63b5b0d5c9478c62a43806191e5990bada0276c09bbe38ec55

SHA512
24b083c915c0e635b95e14c8f5bad326aaa5fc293c1169010236cfb0411517279764c2ec8648f5d3ce2505647997d498c3bd4482bcf444eba288b6cf9f31e604

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45293.exe

Filesize
184KB

MD5
8b90621f5cd28cf1706dc9fae4b68f16

SHA1
670eb83fbe4898b6131344e2197c038e00b0741a

SHA256
d2f232bf54742a05e9d523e03dd6efba6bbac4c0a388a7f56cdc9c19e8076c3b

SHA512
899922817dbe8b2373d5b2d7012dc34186d53e3edeaad701b5022dfa24445cd6d8ee46de84cbc2a98d2afb36e840037c5599047b3a783fa6b7520f424b714de1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4657.exe

Filesize
184KB

MD5
6216d300e3526f4001493120c3b7ce33

SHA1
eb16eb47af933a76167b082e55779c4d34a67666

SHA256
33d8dd34a02de8b8511f2ac03933fd49f395d0b22a26b2a049ee907200de8ab9

SHA512
aceeece98ccbb89f3cab8f3d87cec78c3d1401203ba4d946ea4d7c8a907ea17b247e12af1f94241a0e031966d656810b7a41d70f9323f915e5d76ad22f326cdd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47156.exe

Filesize
184KB

MD5
b341ff7090b48f6e0d96840a3d505520

SHA1
01fe9caf63ec4af918fce68e0e7ce700b096abac

SHA256
7c40bd4840924587810feefa7346c82bd8c410fb247b497902acc700553343b6

SHA512
92ed9b07b7ada5ec9d8d7baf05e36d110b54876df18b0bb20d6d742d57c99ac73934f9f817bde3a5f8030ab73c3acc08b1833253fa37ae0cc4befea4b6cfac44

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50835.exe

Filesize
184KB

MD5
1aab342d1772549977fa250c0769679a

SHA1
3611c45feffcb5e4f782ea8ad3f2e05edab5e505

SHA256
383f2f76510724d471e248bed1e0fb4c98b8417bb20838f1c885530289beeeca

SHA512
8c47490334da208826577ad2cf641183c9b3cc9f7de721173910911681bd94e51fe8410e22d7c6da1e4efd5134fce45e670db3912f97110bbd4bc92fc89d8fef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe

Filesize
184KB

MD5
7c30b3cafe62aa267ac2893145a8fa65

SHA1
1fcf7d2c71ed3eabd2d5757652c522cdd1d0b768

SHA256
68c3cf575fdc896bc0685a5f2f052ff2113565b4fe1668aa698146e22ed7e4c5

SHA512
7cb2b1cca18bfc17f156d4d89c9720fc7ba85d648caae1f6d4eb46fd74446c0139485df831200ef42c5bf568cca1b708def02f80ce0700c9a77559fbb0401a0a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52226.exe

Filesize
184KB

MD5
1a638522e603f54cce05ed8f2a7af4ef

SHA1
6287dc60fa32af70ccf9bc1546afdce3e73f1b59

SHA256
ad25a11e05f79be6c09291d582b1f72478a8147ac27a2075840a8974d94e9cac

SHA512
27195161704355a346de033d67d8fef9fcbdd9b64e2ccc53a9b1cce04e37621f5acf71e79eda746d93ea4052976f107d668f0232285fd6937c653368c24c8996

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59600.exe

Filesize
184KB

MD5
9ad9e3e38233b6384877cfc95a835602

SHA1
e45826a1601affa26a286be528c972b8e8ab6ebc

SHA256
742ba9f3cd6571b943fdcceb977488aefd916e621da1d9aafa655f05057c55ac

SHA512
5a31060b522ef8ef5b9033bd4911ca14f0020d336ab0054c0de3ebc566cffc4a1e41fad646f9b571b9340bbf56bf7ed449e114d2dbdda2c44a44dee68a4980aa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7218.exe

Filesize
184KB

MD5
34f223807fba5a754461285620ee9ab0

SHA1
d12e983558ef49a357e28574ae9077e34ea1023e

SHA256
18f8906f032515a136eab94b40260e5354cb1fb79a0f935d0763a9c947cd9f7d

SHA512
ef0b0a9452c1aeacc235878f009966d53e76abdad5fa3331992cc4926895194b3ee64ba7a991b18b0016f9ca9996e09223baeff5da62189035eae5e505adeffb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads