3ea8251bc6de6dc83e06fcd7f9e4120c1cf7f90c66bedf53ec09e0724b45a2a6

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
29-05-2024 12:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

540ce06cee83cfb5a1569fae157eb570_NeikiAnalytics.exe
Size

184KB
MD5

540ce06cee83cfb5a1569fae157eb570
SHA1

7fe40012177094d4c37650ef235d79557af1fb25
SHA256

3ea8251bc6de6dc83e06fcd7f9e4120c1cf7f90c66bedf53ec09e0724b45a2a6
SHA512

0c7a21a39caf4b8df3f1b0d7ad88a25a69c7950bb799e20d3d32c3e5f940d22fe492495c9aff799654b20a65e030b92a71e7b2f4dcb4189a4ec1c4e187ffa3ba
SSDEEP

3072:NPGadkoc+JONCeaWezgLRKsmhlnViFNn3:NPOos0eayLYsmhlnViFN

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1316	Unicorn-15519.exe
2924	Unicorn-37921.exe
2616	Unicorn-57787.exe
2936	Unicorn-61845.exe
2880	Unicorn-17475.exe
2424	Unicorn-37341.exe
2548	Unicorn-42432.exe
2576	Unicorn-30734.exe
2844	Unicorn-22012.exe
2020	Unicorn-5675.exe
2756	Unicorn-51347.exe
2832	Unicorn-47943.exe
1100	Unicorn-28675.exe
108	Unicorn-62094.exe
2912	Unicorn-57455.exe
2296	Unicorn-4170.exe
2956	Unicorn-41119.exe
2100	Unicorn-21253.exe
2376	Unicorn-25337.exe
2316	Unicorn-62738.exe
2460	Unicorn-18368.exe
1628	Unicorn-25982.exe
944	Unicorn-17107.exe
2172	Unicorn-58462.exe
908	Unicorn-46210.exe
2448	Unicorn-54056.exe
2024	Unicorn-8384.exe
2864	Unicorn-12468.exe
2472	Unicorn-46573.exe
356	Unicorn-53117.exe
2468	Unicorn-37335.exe
1688	Unicorn-61285.exe
1932	Unicorn-50844.exe
2712	Unicorn-35062.exe
3036	Unicorn-59012.exe
2500	Unicorn-38208.exe
2504	Unicorn-22426.exe
3032	Unicorn-5535.exe
1748	Unicorn-54736.exe
1696	Unicorn-43038.exe
2168	Unicorn-50460.exe
620	Unicorn-38762.exe
2036	Unicorn-41908.exe
2628	Unicorn-25572.exe
1000	Unicorn-5151.exe
788	Unicorn-30402.exe
1900	Unicorn-30402.exe
756	Unicorn-30402.exe
2608	Unicorn-34486.exe
1140	Unicorn-50268.exe
1648	Unicorn-54352.exe
1524	Unicorn-22915.exe
1772	Unicorn-10662.exe
1924	Unicorn-31829.exe
2288	Unicorn-55779.exe
2380	Unicorn-39997.exe
1732	Unicorn-63947.exe
1504	Unicorn-39443.exe
1580	Unicorn-19577.exe
2148	Unicorn-22723.exe
1020	Unicorn-35721.exe
2808	Unicorn-39805.exe
2624	Unicorn-39805.exe
2560	Unicorn-11778.exe

Loads dropped DLL 64 IoCs

pid	Process
2928	540ce06cee83cfb5a1569fae157eb570_NeikiAnalytics.exe
2928	540ce06cee83cfb5a1569fae157eb570_NeikiAnalytics.exe
2928	540ce06cee83cfb5a1569fae157eb570_NeikiAnalytics.exe
2928	540ce06cee83cfb5a1569fae157eb570_NeikiAnalytics.exe
1316	Unicorn-15519.exe
1316	Unicorn-15519.exe
2924	Unicorn-37921.exe
2924	Unicorn-37921.exe
1316	Unicorn-15519.exe
2616	Unicorn-57787.exe
1316	Unicorn-15519.exe
2616	Unicorn-57787.exe
2440	WerFault.exe
2440	WerFault.exe
2440	WerFault.exe
2440	WerFault.exe
2440	WerFault.exe
2936	Unicorn-61845.exe
2936	Unicorn-61845.exe
2924	Unicorn-37921.exe
2924	Unicorn-37921.exe
2880	Unicorn-17475.exe
2880	Unicorn-17475.exe
2616	Unicorn-57787.exe
2424	Unicorn-37341.exe
2616	Unicorn-57787.exe
2424	Unicorn-37341.exe
2216	WerFault.exe
2216	WerFault.exe
2216	WerFault.exe
2216	WerFault.exe
332	WerFault.exe
332	WerFault.exe
332	WerFault.exe
332	WerFault.exe
2216	WerFault.exe
332	WerFault.exe
2576	Unicorn-30734.exe
2576	Unicorn-30734.exe
2548	Unicorn-42432.exe
2548	Unicorn-42432.exe
2936	Unicorn-61845.exe
2936	Unicorn-61845.exe
2756	Unicorn-51347.exe
2756	Unicorn-51347.exe
2020	Unicorn-5675.exe
2020	Unicorn-5675.exe
2424	Unicorn-37341.exe
2424	Unicorn-37341.exe
2844	Unicorn-22012.exe
2844	Unicorn-22012.exe
2880	Unicorn-17475.exe
2880	Unicorn-17475.exe
2872	WerFault.exe
2872	WerFault.exe
2872	WerFault.exe
2872	WerFault.exe
2872	WerFault.exe
912	WerFault.exe
912	WerFault.exe
912	WerFault.exe
912	WerFault.exe
912	WerFault.exe
444	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2736	2928	WerFault.exe	27
2440	1316	WerFault.exe	28
2216	2924	WerFault.exe	29
332	2616	WerFault.exe	30
2872	2936	WerFault.exe	32
912	2880	WerFault.exe	33
444	2424	WerFault.exe	34
1312	2576	WerFault.exe	37
1684	2548	WerFault.exe	36
2128	2756	WerFault.exe	39
2740	2020	WerFault.exe	40
2260	2844	WerFault.exe	38
2112	2832	WerFault.exe	43
2952	1100	WerFault.exe	44
1844	108	WerFault.exe	45
2060	2296	WerFault.exe	47
1792	2912	WerFault.exe	46
1984	2376	WerFault.exe	50
1760	2956	WerFault.exe	49
1600	2100	WerFault.exe	48
2180	2316	WerFault.exe	54
2136	2460	WerFault.exe	55
344	1628	WerFault.exe	56
2268	944	WerFault.exe	57
2552	2172	WerFault.exe	58
2584	908	WerFault.exe	59
2556	2448	WerFault.exe	60
2768	2472	WerFault.exe	63
1820	1688	WerFault.exe	66
2040	2024	WerFault.exe	61
1616	2864	WerFault.exe	62
2252	356	WerFault.exe	64
264	2468	WerFault.exe	65
3176	2712	WerFault.exe	73
3228	1932	WerFault.exe	72
3252	3036	WerFault.exe	74
3284	1696	WerFault.exe	79
3276	3032	WerFault.exe	77
3376	2036	WerFault.exe	82
3392	1900	WerFault.exe	85
3416	756	WerFault.exe	87
3432	1140	WerFault.exe	88
3572	2500	WerFault.exe	75
3844	2628	WerFault.exe	83
1812	1648	WerFault.exe	90
3224	1524	WerFault.exe	98
3296	620	WerFault.exe	81
3348	1924	WerFault.exe	101
3448	1772	WerFault.exe	100
3644	1748	WerFault.exe	78
3752	2504	WerFault.exe	76
3924	1000	WerFault.exe	84
3996	2168	WerFault.exe	80
4020	1580	WerFault.exe	106
4036	1504	WerFault.exe	105
3956	2148	WerFault.exe	107
900	2808	WerFault.exe	109
3104	1700	WerFault.exe	113
3144	2572	WerFault.exe	112
3160	2380	WerFault.exe	103
3196	1124	WerFault.exe	115
3220	2596	WerFault.exe	114
3332	2212	WerFault.exe	117
3468	1396	WerFault.exe	124

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2928	540ce06cee83cfb5a1569fae157eb570_NeikiAnalytics.exe
1316	Unicorn-15519.exe
2616	Unicorn-57787.exe
2924	Unicorn-37921.exe
2936	Unicorn-61845.exe
2880	Unicorn-17475.exe
2424	Unicorn-37341.exe
2548	Unicorn-42432.exe
2576	Unicorn-30734.exe
2756	Unicorn-51347.exe
2844	Unicorn-22012.exe
2020	Unicorn-5675.exe
2832	Unicorn-47943.exe
1100	Unicorn-28675.exe
108	Unicorn-62094.exe
2912	Unicorn-57455.exe
2296	Unicorn-4170.exe
2956	Unicorn-41119.exe
2100	Unicorn-21253.exe
2376	Unicorn-25337.exe
2316	Unicorn-62738.exe
2460	Unicorn-18368.exe
1628	Unicorn-25982.exe
944	Unicorn-17107.exe
2172	Unicorn-58462.exe
908	Unicorn-46210.exe
2448	Unicorn-54056.exe
2024	Unicorn-8384.exe
2472	Unicorn-46573.exe
2864	Unicorn-12468.exe
2468	Unicorn-37335.exe
356	Unicorn-53117.exe
1688	Unicorn-61285.exe
1932	Unicorn-50844.exe
2712	Unicorn-35062.exe
3036	Unicorn-59012.exe
2500	Unicorn-38208.exe
2504	Unicorn-22426.exe
3032	Unicorn-5535.exe
1748	Unicorn-54736.exe
1696	Unicorn-43038.exe
2168	Unicorn-50460.exe
620	Unicorn-38762.exe
2036	Unicorn-41908.exe
2628	Unicorn-25572.exe
1000	Unicorn-5151.exe
2608	Unicorn-34486.exe
788	Unicorn-30402.exe
1900	Unicorn-30402.exe
756	Unicorn-30402.exe
1140	Unicorn-50268.exe
1648	Unicorn-54352.exe
1524	Unicorn-22915.exe
1772	Unicorn-10662.exe
1924	Unicorn-31829.exe
2288	Unicorn-55779.exe
1504	Unicorn-39443.exe
2380	Unicorn-39997.exe
1732	Unicorn-63947.exe
1580	Unicorn-19577.exe
2148	Unicorn-22723.exe
1020	Unicorn-35721.exe
2808	Unicorn-39805.exe
2624	Unicorn-39805.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 1316	2928	540ce06cee83cfb5a1569fae157eb570_NeikiAnalytics.exe	28
PID 2928 wrote to memory of 1316	2928	540ce06cee83cfb5a1569fae157eb570_NeikiAnalytics.exe	28
PID 2928 wrote to memory of 1316	2928	540ce06cee83cfb5a1569fae157eb570_NeikiAnalytics.exe	28
PID 2928 wrote to memory of 1316	2928	540ce06cee83cfb5a1569fae157eb570_NeikiAnalytics.exe	28
PID 2928 wrote to memory of 2924	2928	540ce06cee83cfb5a1569fae157eb570_NeikiAnalytics.exe	29
PID 2928 wrote to memory of 2924	2928	540ce06cee83cfb5a1569fae157eb570_NeikiAnalytics.exe	29
PID 2928 wrote to memory of 2924	2928	540ce06cee83cfb5a1569fae157eb570_NeikiAnalytics.exe	29
PID 2928 wrote to memory of 2924	2928	540ce06cee83cfb5a1569fae157eb570_NeikiAnalytics.exe	29
PID 1316 wrote to memory of 2616	1316	Unicorn-15519.exe	30
PID 1316 wrote to memory of 2616	1316	Unicorn-15519.exe	30
PID 1316 wrote to memory of 2616	1316	Unicorn-15519.exe	30
PID 1316 wrote to memory of 2616	1316	Unicorn-15519.exe	30
PID 2928 wrote to memory of 2736	2928	540ce06cee83cfb5a1569fae157eb570_NeikiAnalytics.exe	31
PID 2928 wrote to memory of 2736	2928	540ce06cee83cfb5a1569fae157eb570_NeikiAnalytics.exe	31
PID 2928 wrote to memory of 2736	2928	540ce06cee83cfb5a1569fae157eb570_NeikiAnalytics.exe	31
PID 2928 wrote to memory of 2736	2928	540ce06cee83cfb5a1569fae157eb570_NeikiAnalytics.exe	31
PID 2924 wrote to memory of 2936	2924	Unicorn-37921.exe	32
PID 2924 wrote to memory of 2936	2924	Unicorn-37921.exe	32
PID 2924 wrote to memory of 2936	2924	Unicorn-37921.exe	32
PID 2924 wrote to memory of 2936	2924	Unicorn-37921.exe	32
PID 1316 wrote to memory of 2880	1316	Unicorn-15519.exe	33
PID 1316 wrote to memory of 2880	1316	Unicorn-15519.exe	33
PID 1316 wrote to memory of 2880	1316	Unicorn-15519.exe	33
PID 1316 wrote to memory of 2880	1316	Unicorn-15519.exe	33
PID 2616 wrote to memory of 2424	2616	Unicorn-57787.exe	34
PID 2616 wrote to memory of 2424	2616	Unicorn-57787.exe	34
PID 2616 wrote to memory of 2424	2616	Unicorn-57787.exe	34
PID 2616 wrote to memory of 2424	2616	Unicorn-57787.exe	34
PID 1316 wrote to memory of 2440	1316	Unicorn-15519.exe	35
PID 1316 wrote to memory of 2440	1316	Unicorn-15519.exe	35
PID 1316 wrote to memory of 2440	1316	Unicorn-15519.exe	35
PID 1316 wrote to memory of 2440	1316	Unicorn-15519.exe	35
PID 2936 wrote to memory of 2548	2936	Unicorn-61845.exe	36
PID 2936 wrote to memory of 2548	2936	Unicorn-61845.exe	36
PID 2936 wrote to memory of 2548	2936	Unicorn-61845.exe	36
PID 2936 wrote to memory of 2548	2936	Unicorn-61845.exe	36
PID 2924 wrote to memory of 2576	2924	Unicorn-37921.exe	37
PID 2924 wrote to memory of 2576	2924	Unicorn-37921.exe	37
PID 2924 wrote to memory of 2576	2924	Unicorn-37921.exe	37
PID 2924 wrote to memory of 2576	2924	Unicorn-37921.exe	37
PID 2880 wrote to memory of 2844	2880	Unicorn-17475.exe	38
PID 2880 wrote to memory of 2844	2880	Unicorn-17475.exe	38
PID 2880 wrote to memory of 2844	2880	Unicorn-17475.exe	38
PID 2880 wrote to memory of 2844	2880	Unicorn-17475.exe	38
PID 2616 wrote to memory of 2756	2616	Unicorn-57787.exe	39
PID 2616 wrote to memory of 2756	2616	Unicorn-57787.exe	39
PID 2616 wrote to memory of 2756	2616	Unicorn-57787.exe	39
PID 2616 wrote to memory of 2756	2616	Unicorn-57787.exe	39
PID 2424 wrote to memory of 2020	2424	Unicorn-37341.exe	40
PID 2424 wrote to memory of 2020	2424	Unicorn-37341.exe	40
PID 2424 wrote to memory of 2020	2424	Unicorn-37341.exe	40
PID 2424 wrote to memory of 2020	2424	Unicorn-37341.exe	40
PID 2924 wrote to memory of 2216	2924	Unicorn-37921.exe	41
PID 2924 wrote to memory of 2216	2924	Unicorn-37921.exe	41
PID 2924 wrote to memory of 2216	2924	Unicorn-37921.exe	41
PID 2924 wrote to memory of 2216	2924	Unicorn-37921.exe	41
PID 2616 wrote to memory of 332	2616	Unicorn-57787.exe	42
PID 2616 wrote to memory of 332	2616	Unicorn-57787.exe	42
PID 2616 wrote to memory of 332	2616	Unicorn-57787.exe	42
PID 2616 wrote to memory of 332	2616	Unicorn-57787.exe	42
PID 2576 wrote to memory of 2832	2576	Unicorn-30734.exe	43
PID 2576 wrote to memory of 2832	2576	Unicorn-30734.exe	43
PID 2576 wrote to memory of 2832	2576	Unicorn-30734.exe	43
PID 2576 wrote to memory of 2832	2576	Unicorn-30734.exe	43

C:\Users\Admin\AppData\Local\Temp\540ce06cee83cfb5a1569fae157eb570_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\540ce06cee83cfb5a1569fae157eb570_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15519.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15519.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57787.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37341.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4170.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46210.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3418.exe
        9⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39053.exe
        10⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34096.exe
        11⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30469.exe
        12⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59675.exe
        13⤵
        
        PID:9540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60664.exe
        14⤵
        
        PID:11672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29368.exe
        15⤵
        
        PID:13036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9540 -s 216
        14⤵
        
        PID:11684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 216
        13⤵
        
        PID:10224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 236
        12⤵
        
        PID:7696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
        11⤵
        
        PID:5456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 216
        10⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6059.exe
        9⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63553.exe
        10⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4324.exe
        11⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18077.exe
        12⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46982.exe
        13⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
        14⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10312 -s 220
        14⤵
        
        PID:12704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 216
        13⤵
        
        PID:11076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
        12⤵
        
        PID:9132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 216
        11⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 236
        10⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 240
        9⤵
        Program crash
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24585.exe
        8⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12328.exe
        9⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43242.exe
        10⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22093.exe
        11⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56566.exe
        12⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32405.exe
        13⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56248.exe
        14⤵
        
        PID:12172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9996 -s 216
        14⤵
        
        PID:11924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7764 -s 216
        13⤵
        
        PID:10712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 216
        12⤵
        
        PID:8508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
        11⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 216
        10⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 216
        9⤵
        Program crash
        
        PID:3332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 240
        8⤵
        Program crash
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38762.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15863.exe
        8⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12520.exe
        9⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15037.exe
        10⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60987.exe
        11⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65357.exe
        12⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53785.exe
        13⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19876.exe
        14⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10172 -s 216
        14⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 216
        13⤵
        
        PID:10796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 216
        12⤵
        
        PID:9032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 216
        11⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 216
        10⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
        9⤵
        Program crash
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41855.exe
        8⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60922.exe
        9⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27329.exe
        10⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53681.exe
        11⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-630.exe
        12⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54323.exe
        13⤵
        
        PID:12248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9876 -s 216
        13⤵
        
        PID:12292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 220
        12⤵
        
        PID:11252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 216
        11⤵
        
        PID:8220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
        10⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 216
        9⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 240
        8⤵
        Program crash
        
        PID:3296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
        7⤵
        Program crash
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54056.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41908.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28115.exe
        8⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25925.exe
        9⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39075.exe
        10⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18502.exe
        11⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4397.exe
        12⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37496.exe
        13⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60908.exe
        14⤵
        
        PID:11620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9560 -s 216
        14⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 216
        13⤵
        
        PID:10916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
        12⤵
        
        PID:8624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
        11⤵
        
        PID:6496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 236
        10⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64326.exe
        9⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
        10⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41491.exe
        11⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49556.exe
        12⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15599.exe
        13⤵
        
        PID:11736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9592 -s 216
        13⤵
        
        PID:11952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7732 -s 216
        12⤵
        
        PID:10964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
        11⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
        10⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 220
        9⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51176.exe
        8⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55411.exe
        9⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25518.exe
        10⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58211.exe
        11⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32981.exe
        12⤵
        
        PID:9296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60908.exe
        13⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9296 -s 216
        13⤵
        
        PID:11712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 216
        12⤵
        
        PID:10840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
        11⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 236
        10⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 236
        9⤵
        
        PID:4532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
        8⤵
        Program crash
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3096.exe
        7⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5504.exe
        8⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26823.exe
        9⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42046.exe
        10⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        11⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36873.exe
        12⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34676.exe
        13⤵
        
        PID:12064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9896 -s 216
        13⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 216
        12⤵
        
        PID:10664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
        11⤵
        
        PID:8368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
        10⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 236
        9⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55774.exe
        8⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51366.exe
        9⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17034.exe
        10⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61953.exe
        11⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28236.exe
        12⤵
        
        PID:12280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10196 -s 216
        12⤵
        
        PID:12232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 216
        11⤵
        
        PID:10804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 216
        10⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
        9⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 240
        8⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
        7⤵
        Program crash
        
        PID:2556
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
        6⤵
        Program crash
        
        PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21253.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61285.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5151.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11394.exe
        8⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46345.exe
        9⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36226.exe
        10⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39197.exe
        11⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20926.exe
        12⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25436.exe
        13⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65423.exe
        14⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10208 -s 216
        14⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 220
        13⤵
        
        PID:11120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
        12⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
        11⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 236
        10⤵
        
        PID:5576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 236
        9⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38731.exe
        8⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23974.exe
        9⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56841.exe
        10⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13032.exe
        11⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37059.exe
        12⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40779.exe
        13⤵
        
        PID:12060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10612 -s 236
        13⤵
        
        PID:12864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7356 -s 220
        12⤵
        
        PID:11496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 220
        11⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
        10⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 216
        9⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 240
        8⤵
        Program crash
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23324.exe
        7⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12328.exe
        8⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56537.exe
        9⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35928.exe
        10⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59877.exe
        11⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6909.exe
        12⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46404.exe
        13⤵
        
        PID:11564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10452 -s 236
        13⤵
        
        PID:12812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7188 -s 216
        12⤵
        
        PID:11308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 216
        11⤵
        
        PID:9308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 216
        10⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 216
        9⤵
        
        PID:5708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 236
        8⤵
        
        PID:3636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 220
        7⤵
        Program crash
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30402.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43190.exe
        7⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17757.exe
        8⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59469.exe
        9⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22524.exe
        10⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18077.exe
        11⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64532.exe
        12⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10078.exe
        13⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
        12⤵
        
        PID:11356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 216
        11⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
        10⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 216
        9⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 236
        8⤵
        
        PID:3840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 236
        7⤵
        Program crash
        
        PID:3416
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
        6⤵
        Program crash
        
        PID:1600
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51347.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57455.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8384.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28857.exe
        8⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        9⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11532.exe
        10⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28710.exe
        11⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
        12⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52114.exe
        12⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24749.exe
        13⤵
        
        PID:11472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9492 -s 220
        13⤵
        
        PID:12576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 220
        12⤵
        
        PID:10536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 216
        11⤵
        
        PID:8784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
        10⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 216
        9⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
        8⤵
        Program crash
        
        PID:900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 236
        7⤵
        Program crash
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30402.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22962.exe
        7⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25925.exe
        8⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35458.exe
        9⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50873.exe
        10⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58019.exe
        11⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25197.exe
        12⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12091.exe
        13⤵
        
        PID:12252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 216
        12⤵
        
        PID:10772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 216
        11⤵
        
        PID:8468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
        10⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 216
        9⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 236
        8⤵
        
        PID:3888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 236
        7⤵
        Program crash
        
        PID:3392
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
        6⤵
        Program crash
        
        PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46573.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25572.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56703.exe
        7⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12328.exe
        8⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15037.exe
        9⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64194.exe
        10⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58066.exe
        11⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21435.exe
        12⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4245.exe
        13⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 220
        12⤵
        
        PID:11204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 216
        11⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
        10⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 216
        9⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 216
        8⤵
        Program crash
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53916.exe
        7⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13994.exe
        8⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38922.exe
        9⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19919.exe
        10⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61377.exe
        11⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51012.exe
        12⤵
        
        PID:12124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9964 -s 216
        12⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7572 -s 216
        11⤵
        
        PID:10688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 236
        10⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        9⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 236
        8⤵
        
        PID:4104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
        7⤵
        Program crash
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45006.exe
        6⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53169.exe
        7⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23206.exe
        8⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38621.exe
        9⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45814.exe
        10⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15575.exe
        11⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47395.exe
        12⤵
        
        PID:11656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9388 -s 220
        12⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 216
        11⤵
        
        PID:10848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 216
        10⤵
        
        PID:9124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
        9⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 216
        8⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 236
        7⤵
        Program crash
        
        PID:3196
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
        6⤵
        Program crash
        
        PID:2768
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
        5⤵
        Program crash
        
        PID:2128
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17475.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17475.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22012.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41119.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53117.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50268.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57424.exe
        8⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25048.exe
        9⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3553.exe
        10⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43857.exe
        11⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43074.exe
        12⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
        13⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49938.exe
        14⤵
        
        PID:5852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9976 -s 220
        14⤵
        
        PID:12420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 216
        13⤵
        
        PID:10348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 216
        12⤵
        
        PID:9116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
        11⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 236
        10⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4300.exe
        9⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27137.exe
        10⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41429.exe
        11⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30838.exe
        12⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45937.exe
        13⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 220
        13⤵
        
        PID:12652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 216
        12⤵
        
        PID:10932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
        11⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 216
        10⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
        9⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 236
        8⤵
        Program crash
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11072.exe
        7⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34093.exe
        8⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23206.exe
        9⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31330.exe
        10⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33754.exe
        11⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
        12⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6502.exe
        13⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9892 -s 220
        13⤵
        
        PID:12760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 216
        12⤵
        
        PID:10332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
        11⤵
        
        PID:8956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
        10⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 236
        8⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 240
        7⤵
        Program crash
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34486.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
        6⤵
        Program crash
        
        PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37335.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55442.exe
        7⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39053.exe
        8⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45964.exe
        9⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47957.exe
        10⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51507.exe
        11⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11271.exe
        12⤵
        
        PID:11728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29368.exe
        13⤵
        
        PID:13048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9508 -s 216
        12⤵
        
        PID:11744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 216
        11⤵
        
        PID:10056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
        10⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        9⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 216
        8⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6059.exe
        7⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15037.exe
        8⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64194.exe
        9⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49130.exe
        10⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28944.exe
        11⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exe
        12⤵
        
        PID:12088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9708 -s 220
        12⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 220
        11⤵
        
        PID:11032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
        10⤵
        
        PID:8808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
        9⤵
        
        PID:6776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 236
        8⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
        7⤵
        Program crash
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
        6⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34093.exe
        7⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31649.exe
        8⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39628.exe
        9⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55326.exe
        10⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58684.exe
        11⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45387.exe
        12⤵
        
        PID:11956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9904 -s 216
        12⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 216
        11⤵
        
        PID:11068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
        10⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
        9⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
        8⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 216
        7⤵
        
        PID:3488
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
        6⤵
        Program crash
        
        PID:264
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
        5⤵
        Program crash
        
        PID:2260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25337.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12468.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33133.exe
        7⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18956.exe
        8⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24057.exe
        9⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37822.exe
        10⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29530.exe
        11⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51754.exe
        12⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64505.exe
        13⤵
        
        PID:12920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12920 -s 188
        14⤵
        
        PID:12956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8692 -s 236
        12⤵
        
        PID:11976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 236
        11⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
        10⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 236
        9⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 236
        8⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63558.exe
        7⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        8⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44231.exe
        9⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12010.exe
        10⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46378.exe
        11⤵
        
        PID:11868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9688 -s 216
        11⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 216
        10⤵
        
        PID:10360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
        9⤵
        
        PID:8296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
        8⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 220
        7⤵
        
        PID:4828
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 216
        6⤵
        Program crash
        
        PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30402.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64679.exe
        6⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24581.exe
        7⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31841.exe
        8⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58387.exe
        8⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31045.exe
        9⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25804.exe
        10⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35200.exe
        11⤵
        
        PID:11544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9372 -s 216
        11⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 216
        10⤵
        
        PID:9384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 216
        9⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 236
        7⤵
        Program crash
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30563.exe
        6⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39817.exe
        7⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15315.exe
        8⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59000.exe
        9⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18586.exe
        10⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50405.exe
        11⤵
        
        PID:12216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10252 -s 216
        11⤵
        
        PID:12620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 216
        10⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 220
        9⤵
        
        PID:9340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
        8⤵
        
        PID:7232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 236
        7⤵
        
        PID:5736
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 220
        6⤵
        
        PID:3820
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
        5⤵
        Program crash
        
        PID:1984
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:912
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2440
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37921.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37921.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61845.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61845.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42432.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28675.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25982.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38208.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55779.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29049.exe
        9⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54451.exe
        10⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30479.exe
        11⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51740.exe
        12⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60718.exe
        13⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10088.exe
        14⤵
        
        PID:11940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9772 -s 216
        14⤵
        
        PID:11860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 236
        13⤵
        
        PID:10484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 236
        12⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
        11⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
        10⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5997.exe
        9⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58875.exe
        10⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        11⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58201.exe
        12⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61157.exe
        13⤵
        
        PID:11464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8648 -s 236
        13⤵
        
        PID:12112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6340 -s 236
        12⤵
        
        PID:9740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
        11⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
        10⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 220
        9⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        8⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51135.exe
        9⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55450.exe
        10⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12949.exe
        11⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25244.exe
        12⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        13⤵
        
        PID:11856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9500 -s 220
        13⤵
        
        PID:7620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 216
        12⤵
        
        PID:10900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
        11⤵
        
        PID:8604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
        10⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 236
        9⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
        8⤵
        Program crash
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39997.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33325.exe
        8⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1887.exe
        9⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45821.exe
        10⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26338.exe
        11⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15825.exe
        12⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43202.exe
        13⤵
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45704.exe
        14⤵
        
        PID:13004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8824 -s 216
        13⤵
        
        PID:11968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 236
        12⤵
        
        PID:10024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 236
        11⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
        10⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 236
        9⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51643.exe
        8⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52261.exe
        9⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe
        10⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21502.exe
        11⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37496.exe
        12⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65184.exe
        13⤵
        
        PID:11352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9568 -s 216
        13⤵
        
        PID:7208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 216
        12⤵
        
        PID:10908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 216
        11⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
        10⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
        9⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
        8⤵
        Program crash
        
        PID:3160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
        7⤵
        Program crash
        
        PID:344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22426.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39443.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63703.exe
        8⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36418.exe
        9⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14884.exe
        10⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9140.exe
        11⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48435.exe
        12⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28942.exe
        13⤵
        
        PID:12036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9972 -s 220
        13⤵
        
        PID:12512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 220
        12⤵
        
        PID:10700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 220
        11⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 216
        10⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 236
        9⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 216
        8⤵
        Program crash
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
        7⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20082.exe
        8⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35305.exe
        9⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29369.exe
        10⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17735.exe
        11⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61614.exe
        12⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10168 -s 216
        12⤵
        
        PID:12520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 220
        11⤵
        
        PID:10416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 220
        10⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
        9⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 236
        8⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
        7⤵
        Program crash
        
        PID:3752
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 240
        6⤵
        Program crash
        
        PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5535.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22723.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20881.exe
        8⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13885.exe
        9⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50681.exe
        10⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65357.exe
        11⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63811.exe
        12⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20665.exe
        13⤵
        
        PID:12268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10148 -s 220
        13⤵
        
        PID:12584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 216
        12⤵
        
        PID:10512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
        11⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
        10⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 236
        9⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 236
        8⤵
        Program crash
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25327.exe
        7⤵
        
        PID:1448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 220
        7⤵
        Program crash
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35721.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8436.exe
        7⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56537.exe
        8⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47796.exe
        9⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59877.exe
        10⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59426.exe
        11⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62849.exe
        12⤵
        
        PID:6240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 220
        12⤵
        
        PID:12628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 216
        11⤵
        
        PID:11232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 236
        9⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 216
        8⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 236
        7⤵
        
        PID:3584
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 240
        6⤵
        Program crash
        
        PID:2268
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
        5⤵
        Program crash
        
        PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58462.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11778.exe
        7⤵
        Executes dropped EXE
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12712.exe
        8⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21779.exe
        9⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9482.exe
        10⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37132.exe
        11⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
        12⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51313.exe
        13⤵
        
        PID:12020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9824 -s 216
        13⤵
        
        PID:12240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 216
        12⤵
        
        PID:10584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
        11⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 236
        9⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42561.exe
        8⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43499.exe
        9⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40915.exe
        10⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11792.exe
        11⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40680.exe
        12⤵
        
        PID:12224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10036 -s 216
        12⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 216
        11⤵
        
        PID:10732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 216
        10⤵
        
        PID:8384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
        8⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25327.exe
        7⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15998.exe
        8⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14500.exe
        9⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
        10⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62083.exe
        11⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57146.exe
        12⤵
        
        PID:11556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9816 -s 216
        12⤵
        
        PID:12316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 216
        11⤵
        
        PID:11212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 216
        10⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 216
        9⤵
        
        PID:3164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 216
        8⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 220
        7⤵
        Program crash
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8441.exe
        6⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe
        7⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35842.exe
        8⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61693.exe
        9⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54174.exe
        10⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10251.exe
        11⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8438.exe
        12⤵
        
        PID:11916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8984 -s 216
        12⤵
        
        PID:8008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 216
        11⤵
        
        PID:11152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
        10⤵
        
        PID:8940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
        9⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 216
        8⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 236
        7⤵
        Program crash
        
        PID:3104
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
        6⤵
        Program crash
        
        PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43038.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
        6⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48976.exe
        7⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7528.exe
        8⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61693.exe
        9⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25970.exe
        10⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57807.exe
        11⤵
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        12⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9980 -s 216
        12⤵
        
        PID:12340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 216
        11⤵
        
        PID:9604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 216
        10⤵
        
        PID:8916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
        9⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
        8⤵
        
        PID:6080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
        7⤵
        
        PID:4336
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 236
        6⤵
        Program crash
        
        PID:3284
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 240
        5⤵
        Program crash
        
        PID:1844
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30734.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30734.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47943.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62738.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50844.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10662.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28281.exe
        8⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12795.exe
        9⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31841.exe
        10⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56540.exe
        11⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46281.exe
        12⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35223.exe
        13⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38454.exe
        14⤵
        
        PID:12084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9748 -s 216
        14⤵
        
        PID:12528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7980 -s 216
        13⤵
        
        PID:10480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
        12⤵
        
        PID:9268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
        11⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
        10⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
        9⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5182.exe
        8⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27098.exe
        9⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22285.exe
        10⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13333.exe
        11⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2083.exe
        12⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
        13⤵
        
        PID:12140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 220
        13⤵
        
        PID:8168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 216
        12⤵
        
        PID:11160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
        11⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
        10⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 236
        9⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 240
        8⤵
        Program crash
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4331.exe
        7⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8903.exe
        8⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36535.exe
        9⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46504.exe
        10⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27470.exe
        11⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-685.exe
        12⤵
        
        PID:11904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9716 -s 216
        12⤵
        
        PID:11748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 216
        11⤵
        
        PID:10380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 236
        10⤵
        
        PID:7772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
        9⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 236
        8⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
        7⤵
        Program crash
        
        PID:3228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31829.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61337.exe
        7⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41384.exe
        8⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20199.exe
        9⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3032.exe
        10⤵
        
        PID:7100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 216
        10⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
        9⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 236
        8⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5182.exe
        7⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
        8⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15076.exe
        9⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49706.exe
        10⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30096.exe
        11⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49279.exe
        12⤵
        
        PID:12028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10012 -s 216
        12⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 216
        11⤵
        
        PID:11088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
        10⤵
        
        PID:8548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
        9⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
        8⤵
        
        PID:5256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
        7⤵
        Program crash
        
        PID:3348
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
        6⤵
        Program crash
        
        PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35062.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22915.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6708.exe
        7⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25240.exe
        8⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        9⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60017.exe
        10⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6390.exe
        11⤵
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64556.exe
        12⤵
        
        PID:11700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9480 -s 216
        12⤵
        
        PID:11696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 216
        11⤵
        
        PID:10008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 216
        10⤵
        
        PID:8136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
        9⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 236
        8⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54575.exe
        7⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51410.exe
        8⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60193.exe
        9⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46006.exe
        10⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50599.exe
        11⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
        12⤵
        
        PID:11816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9736 -s 216
        12⤵
        
        PID:12396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 216
        11⤵
        
        PID:10372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
        10⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 216
        9⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 236
        8⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
        7⤵
        Program crash
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9676.exe
        6⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54020.exe
        7⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12030.exe
        8⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35513.exe
        9⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10090.exe
        10⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28568.exe
        11⤵
        
        PID:11784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9584 -s 216
        11⤵
        
        PID:11900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 236
        9⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
        8⤵
        
        PID:5308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 236
        7⤵
        
        PID:4616
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
        6⤵
        Program crash
        
        PID:3176
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
        5⤵
        Program crash
        
        PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18368.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59012.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63947.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16583.exe
        6⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54020.exe
        7⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11036.exe
        8⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29296.exe
        9⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63852.exe
        10⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18669.exe
        11⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23099.exe
        12⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10556 -s 216
        12⤵
        
        PID:12856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 236
        11⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 216
        10⤵
        
        PID:9436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 236
        9⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 236
        8⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 236
        7⤵
        
        PID:4688
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
        6⤵
        Program crash
        
        PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19577.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59619.exe
        6⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10268.exe
        7⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11532.exe
        8⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13992.exe
        9⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        10⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41194.exe
        11⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9368 -s 216
        11⤵
        
        PID:12496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
        10⤵
        
        PID:10528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
        9⤵
        
        PID:9008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
        8⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
        7⤵
        
        PID:6032
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 216
        6⤵
        Program crash
        
        PID:4020
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
        5⤵
        Program crash
        
        PID:2136
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
      4⤵
      Program crash
      PID:1312
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2216
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
  2⤵
  - Program crash
  PID:2736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-22012.exe

Filesize
184KB

MD5
1cdabcdcaa4e942384e4a10a441661e2

SHA1
ba6033eb71f46c585520e2337e1bd6be8abd822e

SHA256
56a9a165e5bfb1b243f12b12c37820e20eba89ab0265ca8a340bcd7d58bf0bf2

SHA512
85e6d7170c5f6134d6eee3f1ae1ce512e24612c779f6e49c35cc27bf92db017c91a6754bed6d8906a62a39b6964e7c40a8534bed27851704602fd6da841904f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30469.exe

Filesize
184KB

MD5
95bdfbaf1d3bc07acddf2ef756c0e011

SHA1
1d4d19a0246a25c6fd5f5d7ede5efc6302661934

SHA256
766b5a65235e58e4d94dfaadcae33120f4222363a4bb14bb81ea0c22dc57d930

SHA512
9e1c8cd63080da7f6590707497944fd5bbb88b5d5894a30842c8c78136a3d2d57f53e65f1dbed890fe2efb2e96157d7be9e6e4a6ad50067d44dc049013665ba6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33133.exe

Filesize
184KB

MD5
b653c3c6bccd173f9d0976dbbd3669a4

SHA1
4d1370c7a50f6b26b45b234a0bf300bb6c575b39

SHA256
2edc47f920f1257235b3622c4a838661ce11cfd7041e280b84e4961ac34836ed

SHA512
801c30a1dc52a810120fe2c549213cd8d2ae1be3f56c3e4f3ae003e112d8157aadcb18e8433f409f31e0a6c57e86542416e03f3019eff3caf9e0010d1e497875

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35305.exe

Filesize
184KB

MD5
a8da58e9f234e6cfcb74f5bc5e5d357d

SHA1
f11685b95a4a1397d4d9ee1bfca1c548bfa50e09

SHA256
0356b77afcb8c40eb716ef8c57d3ded7fcc5bb3890a3f7d484d87e61778bcc09

SHA512
80be93403b49c1849a74a9a79ad4119789223d2f01271355661a699c611b0ffd2983fd324f522603b7190171dcef15277bd27e324754843ef5896cdf2b1e9e96

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37341.exe

Filesize
184KB

MD5
697adea6e03c192c84bec5a965af4c1a

SHA1
319a7197e1adc41ecbcfcf1cea63d690516652ae

SHA256
4946ad7fa7c9fa11266345559159f176bd0cd97c563b6f84b110a402d85c7557

SHA512
ef3ba34c0bce316d28a5c53f298d620eb40034c99c606db35e191f9d65f8fbe2139ac74cc34dbf9e2c3580df3d3cff1fad553bab697196dff29a07b3e39cbdfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37921.exe

Filesize
184KB

MD5
02c7b0d7881142aa403674d1a86b9a1e

SHA1
e17073cada3bc0bdd9e54fa79b483ed08e7a0f05

SHA256
0adcf67932ee6d1ad9206c3f09d48da7e89ba714645340e7e6ce6cb399d410b6

SHA512
ae1ac5a9e053eba6360d6aa8c344c5778095765827469faaabae76b612c6c7a8185de33405c5ce9b1f6acaa2e6895c84adcd69dfd94d0167c87397018fdba141

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39997.exe

Filesize
184KB

MD5
d2cefcb30893591c2d625b302e6e3a1d

SHA1
f1dee97253750859a4f3dc429d87a6255879fd63

SHA256
90ed7ced056b4ad891a3e05817f9c5700be994ea313e3d0d9b0810eaa41bd954

SHA512
a09e53a971f5d4e5d347be7cbd2f53eeeb8717b1e97fa47eeab06ce3e371355d7bad5bb1400af5025c6d920755cfba4228262aab8e96f2661a5309947e94816c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5535.exe

Filesize
184KB

MD5
682c8f922607c1411407d9a079b5fdec

SHA1
90d308b2ff933e8a9b45c956c9d1baefd684ee77

SHA256
addbd1477116e7a6727d9568ed31338fbf512e8b2103b110651c889556609d5f

SHA512
cef580394f8eb2c25ae697d8c0f9b50168aa74b85496477182792c3413abb16159620a650f57f5fbc5606279e0a029414e82ba8e70a94c91eba4f2bdcade379d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57787.exe

Filesize
184KB

MD5
9bd3a86a3b1ad8256d931478de0af9c5

SHA1
cc83a1ecdda21dcb5271d26ba8c4061c68751a77

SHA256
b0e6adee376e7ef34a55a7c3af8b243e66dd016552e108f49bcf1dd6c80de38f

SHA512
ebf6d2ed451563b7cc5e7d8e8a7e414305b621a2bda958ef683effb9f0237b9e5c08d6f2046d74d55cd5154dfbfe9df4bd97e73d601e1b910d70c7183321412f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61845.exe

Filesize
184KB

MD5
3f909e530178e4613574fe54c46f3ec6

SHA1
d8c6707a8b6dc9add9b9c27374874af202b2c688

SHA256
b63b07a6d22576533e126b2c4488cc267a73289e6ee51a61b58bc2a0f916242e

SHA512
1571b869a286d1c844677c888ccb33e5615b5941d2e9a8b85229154d39ab1a31f36f9ec0afdc378dc43bf5c5355bfd762c56d913cd167f0d6e8776545a4cb519

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63811.exe

Filesize
184KB

MD5
37ebfe4ecb473a76c5994e1cdc28acde

SHA1
f9a710552d71b286c93800bfee65454d7043d9b5

SHA256
83ccac182ffd921a67ca877bbb37566a77fd37955687b14bb2091db5c798c2f7

SHA512
da9ff410ddcc7f77c796f657f8c64f86fa485d302e67f947668aca6c97e3146e9f169022e6be6e0646d3fe3dec2b51f7ad65ee1556f7eb61f9dc59ffe4ee235a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63852.exe

Filesize
184KB

MD5
c5b23cad77fd7ee5c1d6408a036aa397

SHA1
2e91a62740912eea7153298e343d06f0a7cdfe57

SHA256
b36063c6685842ba1505e9066b19f09f1baa5d9313a25a94541dda50189c9ad9

SHA512
2e53846043089288a85995646d8c40da69028cbd5fcf84043ab78fdd161af9dd0b793e4c578a4a4d34eae5672f27b97c6cf09593def19e1c16240f73c252f18c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6390.exe

Filesize
184KB

MD5
fc23c874f325834a3d957338ea796d8c

SHA1
7ab759fd9adccf9e50dc569c33a25a924221e63b

SHA256
db2952eb2cf9e16dc57efb756f606805ed2a308abeb4e6a1414653a2cebf0871

SHA512
a137c2f6385aac6b858c01ede33dc2eccc10d2e29c7cd63dc178a4fd536a9b2b5ef1df17b56460d5ecbe13cde18d5801f480cf1bf3a3ed271af4c1ce2e31120d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6708.exe

Filesize
184KB

MD5
e706f06d31665f7581b83e481a75fcb1

SHA1
3b0d0bb20d04abcdc6662b951d2a20c2e4266b34

SHA256
9046b20099c2451249e0c93b69b79af3a01299bed4bf20e1323942e16516b836

SHA512
1691aa4787af397ede7912704f1bc8d441c4ef8314bffa814d94967a1423d04d0a762cf3d0cf7f5799bd1480ff69f2be7e6d3c3921a57a4beb3a4d9678553db1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15519.exe

Filesize
184KB

MD5
4cd2b1e9b7f544cbd8446daf81cb15e8

SHA1
a86fa932751d990f2875a781992ca262e2ba1896

SHA256
d25ef8f40858cfc494dfecc4bc6a7c28fe4e2cba0ffbc05bd358163883dad09a

SHA512
6063a08b72da4d5c84d025f6912c7ddeaaa8a74ca2b9b992c9d9f99d0f16b9929364323166940fa5f867dcba2a06e6e9e592364e0952cd41aa484978ea2ea186

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17475.exe

Filesize
184KB

MD5
3ebce1bd0abf8d794b976f7dc56e0038

SHA1
5315cb4e3cae5b9b26040b1856a90bbe5ceef56a

SHA256
34f5733f413176e002b56eadbe599a2a34a95f5625a91fb940c510e155c6cb71

SHA512
ae67af008023361e34bad2712685339122c0ac0d9503e895b26487615e5832593e6eca5ba33da3ca6b182abd0244ecf9d9a91250b16b15a7184e58aee8259d8c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28675.exe

Filesize
184KB

MD5
e0ff3fa67593954193b86e6013332d1f

SHA1
7ca70e07de0645085d1edd27eedfb30802fcb2da

SHA256
134b299af8ce033c31d248181feadd53278917f878cae7e28769a431bc7c165c

SHA512
71f2a509cdd04a57bd87aef9f4396f68733162df20e0e2adf392b5979248216c769abff0a1a93a8b2c347195a5bb2a7d38174f3187405406ba63d398c691f98d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30734.exe

Filesize
184KB

MD5
27ef2d3af47140e61a103eef705ad162

SHA1
3283efa0d093549717188bfb0d587d177b24e247

SHA256
6e01d83d759bd2fed0df756ef300ed03f9baf9c7acd07c10ecea88d421f32ccb

SHA512
27bd79ad86119207ec59ea7b624d145e58684bfa9070f30a0408376abf4e627deeefef3875d58ff601db97639bd9040e508eaad8b73de0e1df5b4c0c6891ecdc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42432.exe

Filesize
184KB

MD5
1256a8873802f8ca0248a6aac389da61

SHA1
fcef933296a84e155d84f392d2a81fd1e1f56400

SHA256
06fab18e60fe7838d4a1e875033b145ef86e43fc2c2c4b0b8ba9f3ff78c9f31a

SHA512
ef3335a02081eb37166b160af49d8c9a1e943ebe9a2e4d8a2440f116bad744d00b4e78c963077ca65c553604eeae1cd1f8057a8c09597288d8513ed4e4ad4ea0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47943.exe

Filesize
184KB

MD5
f3edc9eab0d9d0926b30e59f618edd32

SHA1
8a6a57bddf446b19c78bf94ffb6a17e32165890e

SHA256
3403b2e66faecbcd39db7f3f415761330376fbe380cff7ed66fcfc7741d7147e

SHA512
9f8c271fc07f906681f39404463b0ce24f7b40850f257cebc5d89a8308ad71456b95c41bf25a978afc8c4800cafe65e72a4c3f98d324854931043b71ef30fd6f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51347.exe

Filesize
184KB

MD5
7573007c5070228dddc16dcd3c1b81ca

SHA1
d478ab9c69d319aa9a82063b15499a91a4eca517

SHA256
ac2adb2cec3a2f119047f934d5a9b9371bd27cdfbceee488470d38f0074cfb3c

SHA512
26484b0a70cf904ba19d17568689a759d8d1eb5cb304b5e256764b8fc679a71ec9e030b96857e6a8b6772621c3a9b37e7e4a3ecb74e0b6170d009c22a4e9142c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe

Filesize
184KB

MD5
3b9b608085006436e9436e39a235b58d

SHA1
80a38e931794696a5e31993a1d418d3d36fa49a3

SHA256
eef70f148326bd555603b2547fc859125e6f45534ac5cc7d4f05dcc1e8eebc79

SHA512
fe31fbf68bff58b20af8ea04178098b957cf07d70b25de92be212a3be67bcca4c1655a3422bdc806dff2082b66a737250ddb5119adc7267eded12839ec092f82

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe

Filesize
184KB

MD5
f4b71d732ea8602d19ac77b8c3e5f5cb

SHA1
5de960aa247dbd1d305957cd30a62cf3b2c3658c

SHA256
a023500e3028e7fef9bcb729231a32c7d56c4c217552e16e5e08834feb5e4635

SHA512
049437368fed7494d73db83fa00a55ac6e1fa3044617ba9e153f133b35140653486459d74578efc69e1c42247bc97ad1fb7c74904df063e8f27eb2f420dd42ff

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads