c5dbc9be9f230c492851dcf60e5031f79ac6d2171ababcb5e3a70102c1780e25

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 20:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a5dca424813813395821cb0cb7f4de00_NeikiAnalytics.exe
Size

184KB
MD5

a5dca424813813395821cb0cb7f4de00
SHA1

70f64d0a35ec12da17d0c7a6d8ff0c31f9b84bbc
SHA256

c5dbc9be9f230c492851dcf60e5031f79ac6d2171ababcb5e3a70102c1780e25
SHA512

4f49556110bf91e6d1326b912ce30398815d38bc00caaf4da6d6ae208bd50ac401c913af3ae58e9ae8d77056439c30913694d9aeab532298fc5587d6dd21e796
SSDEEP

3072:BBfnDgoBVqXMdRCYeeoLpJ1uICYdxPPkH+QKW5qNUQUhlnVOFVnT:BBMo64RC7LH1uIkeV0hlnVOFV

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2968	Unicorn-3711.exe
3032	Unicorn-57634.exe
2140	Unicorn-11962.exe
2480	Unicorn-53078.exe
2752	Unicorn-26990.exe
2576	Unicorn-46856.exe
1992	Unicorn-5029.exe
2460	Unicorn-13752.exe
1036	Unicorn-29534.exe
760	Unicorn-29534.exe
1168	Unicorn-32226.exe
1600	Unicorn-31719.exe
1308	Unicorn-3685.exe
1688	Unicorn-39887.exe
1752	Unicorn-54832.exe
536	Unicorn-3706.exe
684	Unicorn-18651.exe
2456	Unicorn-38517.exe
2440	Unicorn-24703.exe
3048	Unicorn-57053.exe
1516	Unicorn-1075.exe
844	Unicorn-37208.exe
2020	Unicorn-21195.exe
1924	Unicorn-21195.exe
400	Unicorn-53545.exe
1660	Unicorn-3789.exe
1460	Unicorn-30432.exe
564	Unicorn-45377.exe
2180	Unicorn-65242.exe
1180	Unicorn-6482.exe
1704	Unicorn-2227.exe
2016	Unicorn-37038.exe
1652	Unicorn-17172.exe
2672	Unicorn-15247.exe
2592	Unicorn-62310.exe
2776	Unicorn-36222.exe
2548	Unicorn-13109.exe
2164	Unicorn-48475.exe
2932	Unicorn-64256.exe
1816	Unicorn-33530.exe
1136	Unicorn-29446.exe
2348	Unicorn-40306.exe
1980	Unicorn-58034.exe
2784	Unicorn-64811.exe
2912	Unicorn-43343.exe
2308	Unicorn-52834.exe
784	Unicorn-37889.exe
596	Unicorn-37889.exe
1204	Unicorn-40581.exe
2364	Unicorn-30275.exe
1560	Unicorn-50141.exe
1892	Unicorn-5024.exe
1052	Unicorn-11801.exe
2856	Unicorn-31667.exe
1768	Unicorn-52087.exe
868	Unicorn-1495.exe
2332	Unicorn-17277.exe
2820	Unicorn-58864.exe
1824	Unicorn-41781.exe
2604	Unicorn-44474.exe
2800	Unicorn-49949.exe
2724	Unicorn-11054.exe
2748	Unicorn-25999.exe
2524	Unicorn-45865.exe

Loads dropped DLL 64 IoCs

pid	Process
2880	a5dca424813813395821cb0cb7f4de00_NeikiAnalytics.exe
2880	a5dca424813813395821cb0cb7f4de00_NeikiAnalytics.exe
2880	a5dca424813813395821cb0cb7f4de00_NeikiAnalytics.exe
2880	a5dca424813813395821cb0cb7f4de00_NeikiAnalytics.exe
2968	Unicorn-3711.exe
2968	Unicorn-3711.exe
2140	Unicorn-11962.exe
2968	Unicorn-3711.exe
2140	Unicorn-11962.exe
2968	Unicorn-3711.exe
3032	Unicorn-57634.exe
3032	Unicorn-57634.exe
2396	WerFault.exe
2396	WerFault.exe
2396	WerFault.exe
2396	WerFault.exe
2396	WerFault.exe
2480	Unicorn-53078.exe
2480	Unicorn-53078.exe
2140	Unicorn-11962.exe
2140	Unicorn-11962.exe
2576	Unicorn-46856.exe
2752	Unicorn-26990.exe
2576	Unicorn-46856.exe
2752	Unicorn-26990.exe
3032	Unicorn-57634.exe
3032	Unicorn-57634.exe
1780	WerFault.exe
1780	WerFault.exe
1780	WerFault.exe
1780	WerFault.exe
2760	WerFault.exe
1780	WerFault.exe
2760	WerFault.exe
2760	WerFault.exe
2760	WerFault.exe
2760	WerFault.exe
1992	Unicorn-5029.exe
1992	Unicorn-5029.exe
2480	Unicorn-53078.exe
2480	Unicorn-53078.exe
1036	Unicorn-29534.exe
1036	Unicorn-29534.exe
2576	Unicorn-46856.exe
2576	Unicorn-46856.exe
760	Unicorn-29534.exe
760	Unicorn-29534.exe
2752	Unicorn-26990.exe
2752	Unicorn-26990.exe
1168	Unicorn-32226.exe
1168	Unicorn-32226.exe
348	WerFault.exe
348	WerFault.exe
348	WerFault.exe
348	WerFault.exe
348	WerFault.exe
2372	WerFault.exe
2372	WerFault.exe
2372	WerFault.exe
2372	WerFault.exe
680	WerFault.exe
680	WerFault.exe
680	WerFault.exe
680	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2716	2880	WerFault.exe	27
2396	2968	WerFault.exe	28
1780	2140	WerFault.exe	30
2760	3032	WerFault.exe	29
348	2480	WerFault.exe	32
680	2752	WerFault.exe	33
2372	2576	WerFault.exe	34
2172	2180	WerFault.exe	63
1724	1992	WerFault.exe	36
2568	1036	WerFault.exe	38
2708	2460	WerFault.exe	37
2692	760	WerFault.exe	39
2624	1168	WerFault.exe	40
948	1600	WerFault.exe	43
2412	1308	WerFault.exe	44
1500	1752	WerFault.exe	46
576	1688	WerFault.exe	45
1916	684	WerFault.exe	48
3044	2456	WerFault.exe	49
1696	2440	WerFault.exe	53
2428	3048	WerFault.exe	54
688	844	WerFault.exe	56
308	2020	WerFault.exe	57
872	1924	WerFault.exe	58
1996	400	WerFault.exe	59
2768	1660	WerFault.exe	60
3024	1180	WerFault.exe	64
2948	564	WerFault.exe	62
2612	1460	WerFault.exe	61
2252	2052	WerFault.exe	137
1928	1324	WerFault.exe	154
876	536	WerFault.exe	47
1764	1704	WerFault.exe	67
1580	2016	WerFault.exe	68
1048	1652	WerFault.exe	69
2508	2672	WerFault.exe	74
3028	2592	WerFault.exe	75
1060	2776	WerFault.exe	76
3116	2548	WerFault.exe	77
3132	2164	WerFault.exe	78
3180	2932	WerFault.exe	79
3260	1980	WerFault.exe	83
3280	2348	WerFault.exe	81
3272	1816	WerFault.exe	80
3292	1136	WerFault.exe	82
3320	2784	WerFault.exe	84
3692	320	WerFault.exe	138
3904	2912	WerFault.exe	87
3960	2308	WerFault.exe	88
3980	596	WerFault.exe	90
4008	784	WerFault.exe	89
4040	2604	WerFault.exe	106
3336	2920	WerFault.exe	111
3404	2748	WerFault.exe	109
3708	2724	WerFault.exe	108
3684	1560	WerFault.exe	97
3860	2904	WerFault.exe	117
3976	2524	WerFault.exe	110
3192	1968	WerFault.exe	118
3328	2856	WerFault.exe	100
3748	284	WerFault.exe	120
3600	1824	WerFault.exe	105
4108	2808	WerFault.exe	112
4140	1768	WerFault.exe	101

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2880	a5dca424813813395821cb0cb7f4de00_NeikiAnalytics.exe
2968	Unicorn-3711.exe
2140	Unicorn-11962.exe
3032	Unicorn-57634.exe
2480	Unicorn-53078.exe
2752	Unicorn-26990.exe
2576	Unicorn-46856.exe
1992	Unicorn-5029.exe
2460	Unicorn-13752.exe
1036	Unicorn-29534.exe
760	Unicorn-29534.exe
1168	Unicorn-32226.exe
1600	Unicorn-31719.exe
1308	Unicorn-3685.exe
1688	Unicorn-39887.exe
1752	Unicorn-54832.exe
684	Unicorn-18651.exe
2456	Unicorn-38517.exe
536	Unicorn-3706.exe
2440	Unicorn-24703.exe
3048	Unicorn-57053.exe
844	Unicorn-37208.exe
2020	Unicorn-21195.exe
400	Unicorn-53545.exe
1924	Unicorn-21195.exe
1660	Unicorn-3789.exe
1180	Unicorn-6482.exe
564	Unicorn-45377.exe
2180	Unicorn-65242.exe
1460	Unicorn-30432.exe
1704	Unicorn-2227.exe
2016	Unicorn-37038.exe
1652	Unicorn-17172.exe
2672	Unicorn-15247.exe
2592	Unicorn-62310.exe
2776	Unicorn-36222.exe
2548	Unicorn-13109.exe
2164	Unicorn-48475.exe
2932	Unicorn-64256.exe
2348	Unicorn-40306.exe
1816	Unicorn-33530.exe
1136	Unicorn-29446.exe
1980	Unicorn-58034.exe
2784	Unicorn-64811.exe
2912	Unicorn-43343.exe
2308	Unicorn-52834.exe
596	Unicorn-37889.exe
784	Unicorn-37889.exe
1204	Unicorn-40581.exe
2364	Unicorn-30275.exe
1560	Unicorn-50141.exe
1892	Unicorn-5024.exe
1052	Unicorn-11801.exe
2856	Unicorn-31667.exe
868	Unicorn-1495.exe
1768	Unicorn-52087.exe
2332	Unicorn-17277.exe
2820	Unicorn-58864.exe
1824	Unicorn-41781.exe
2604	Unicorn-44474.exe
2800	Unicorn-49949.exe
2724	Unicorn-11054.exe
2748	Unicorn-25999.exe
2920	Unicorn-45865.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 2968	2880	a5dca424813813395821cb0cb7f4de00_NeikiAnalytics.exe	28
PID 2880 wrote to memory of 2968	2880	a5dca424813813395821cb0cb7f4de00_NeikiAnalytics.exe	28
PID 2880 wrote to memory of 2968	2880	a5dca424813813395821cb0cb7f4de00_NeikiAnalytics.exe	28
PID 2880 wrote to memory of 2968	2880	a5dca424813813395821cb0cb7f4de00_NeikiAnalytics.exe	28
PID 2880 wrote to memory of 3032	2880	a5dca424813813395821cb0cb7f4de00_NeikiAnalytics.exe	29
PID 2880 wrote to memory of 3032	2880	a5dca424813813395821cb0cb7f4de00_NeikiAnalytics.exe	29
PID 2880 wrote to memory of 3032	2880	a5dca424813813395821cb0cb7f4de00_NeikiAnalytics.exe	29
PID 2880 wrote to memory of 3032	2880	a5dca424813813395821cb0cb7f4de00_NeikiAnalytics.exe	29
PID 2968 wrote to memory of 2140	2968	Unicorn-3711.exe	30
PID 2968 wrote to memory of 2140	2968	Unicorn-3711.exe	30
PID 2968 wrote to memory of 2140	2968	Unicorn-3711.exe	30
PID 2968 wrote to memory of 2140	2968	Unicorn-3711.exe	30
PID 2880 wrote to memory of 2716	2880	a5dca424813813395821cb0cb7f4de00_NeikiAnalytics.exe	31
PID 2880 wrote to memory of 2716	2880	a5dca424813813395821cb0cb7f4de00_NeikiAnalytics.exe	31
PID 2880 wrote to memory of 2716	2880	a5dca424813813395821cb0cb7f4de00_NeikiAnalytics.exe	31
PID 2880 wrote to memory of 2716	2880	a5dca424813813395821cb0cb7f4de00_NeikiAnalytics.exe	31
PID 2140 wrote to memory of 2480	2140	Unicorn-11962.exe	32
PID 2140 wrote to memory of 2480	2140	Unicorn-11962.exe	32
PID 2140 wrote to memory of 2480	2140	Unicorn-11962.exe	32
PID 2140 wrote to memory of 2480	2140	Unicorn-11962.exe	32
PID 2968 wrote to memory of 2752	2968	Unicorn-3711.exe	33
PID 2968 wrote to memory of 2752	2968	Unicorn-3711.exe	33
PID 2968 wrote to memory of 2752	2968	Unicorn-3711.exe	33
PID 2968 wrote to memory of 2752	2968	Unicorn-3711.exe	33
PID 3032 wrote to memory of 2576	3032	Unicorn-57634.exe	34
PID 3032 wrote to memory of 2576	3032	Unicorn-57634.exe	34
PID 3032 wrote to memory of 2576	3032	Unicorn-57634.exe	34
PID 3032 wrote to memory of 2576	3032	Unicorn-57634.exe	34
PID 2968 wrote to memory of 2396	2968	Unicorn-3711.exe	35
PID 2968 wrote to memory of 2396	2968	Unicorn-3711.exe	35
PID 2968 wrote to memory of 2396	2968	Unicorn-3711.exe	35
PID 2968 wrote to memory of 2396	2968	Unicorn-3711.exe	35
PID 2480 wrote to memory of 1992	2480	Unicorn-53078.exe	36
PID 2480 wrote to memory of 1992	2480	Unicorn-53078.exe	36
PID 2480 wrote to memory of 1992	2480	Unicorn-53078.exe	36
PID 2480 wrote to memory of 1992	2480	Unicorn-53078.exe	36
PID 2140 wrote to memory of 2460	2140	Unicorn-11962.exe	37
PID 2140 wrote to memory of 2460	2140	Unicorn-11962.exe	37
PID 2140 wrote to memory of 2460	2140	Unicorn-11962.exe	37
PID 2140 wrote to memory of 2460	2140	Unicorn-11962.exe	37
PID 2576 wrote to memory of 1036	2576	Unicorn-46856.exe	38
PID 2576 wrote to memory of 1036	2576	Unicorn-46856.exe	38
PID 2576 wrote to memory of 1036	2576	Unicorn-46856.exe	38
PID 2576 wrote to memory of 1036	2576	Unicorn-46856.exe	38
PID 2752 wrote to memory of 760	2752	Unicorn-26990.exe	39
PID 2752 wrote to memory of 760	2752	Unicorn-26990.exe	39
PID 2752 wrote to memory of 760	2752	Unicorn-26990.exe	39
PID 2752 wrote to memory of 760	2752	Unicorn-26990.exe	39
PID 3032 wrote to memory of 1168	3032	Unicorn-57634.exe	40
PID 3032 wrote to memory of 1168	3032	Unicorn-57634.exe	40
PID 3032 wrote to memory of 1168	3032	Unicorn-57634.exe	40
PID 3032 wrote to memory of 1168	3032	Unicorn-57634.exe	40
PID 2140 wrote to memory of 1780	2140	Unicorn-11962.exe	41
PID 2140 wrote to memory of 1780	2140	Unicorn-11962.exe	41
PID 2140 wrote to memory of 1780	2140	Unicorn-11962.exe	41
PID 2140 wrote to memory of 1780	2140	Unicorn-11962.exe	41
PID 3032 wrote to memory of 2760	3032	Unicorn-57634.exe	42
PID 3032 wrote to memory of 2760	3032	Unicorn-57634.exe	42
PID 3032 wrote to memory of 2760	3032	Unicorn-57634.exe	42
PID 3032 wrote to memory of 2760	3032	Unicorn-57634.exe	42
PID 1992 wrote to memory of 1600	1992	Unicorn-5029.exe	43
PID 1992 wrote to memory of 1600	1992	Unicorn-5029.exe	43
PID 1992 wrote to memory of 1600	1992	Unicorn-5029.exe	43
PID 1992 wrote to memory of 1600	1992	Unicorn-5029.exe	43

C:\Users\Admin\AppData\Local\Temp\a5dca424813813395821cb0cb7f4de00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a5dca424813813395821cb0cb7f4de00_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3711.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3711.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11962.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11962.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53078.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5029.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31719.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24703.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2227.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43343.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43125.exe
        10⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
        11⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57645.exe
        12⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62388.exe
        13⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44882.exe
        14⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7253.exe
        15⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62682.exe
        16⤵
        
        PID:13260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9420 -s 216
        16⤵
        
        PID:7952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 220
        15⤵
        
        PID:10668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 236
        14⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
        13⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41152.exe
        12⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55380.exe
        13⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58255.exe
        14⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
        15⤵
        
        PID:12016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9404 -s 204
        15⤵
        
        PID:13008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 220
        14⤵
        
        PID:10444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
        13⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 220
        12⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23389.exe
        11⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe
        12⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18048.exe
        13⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56802.exe
        14⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11483.exe
        15⤵
        
        PID:11968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8208 -s 216
        15⤵
        
        PID:12412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 216
        14⤵
        
        PID:9840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 236
        13⤵
        
        PID:8104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 236
        12⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
        11⤵
        Program crash
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11054.exe
        10⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-276.exe
        11⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        12⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36330.exe
        13⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25007.exe
        14⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26450.exe
        15⤵
        
        PID:12176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8516 -s 204
        15⤵
        
        PID:12552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 216
        14⤵
        
        PID:9528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
        13⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 236
        12⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 236
        11⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
        10⤵
        Program crash
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49902.exe
        9⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        10⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55507.exe
        11⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19986.exe
        12⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34083.exe
        13⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7492.exe
        14⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11156.exe
        15⤵
        
        PID:12096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9588 -s 216
        15⤵
        
        PID:13096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 216
        14⤵
        
        PID:10576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
        13⤵
        
        PID:7696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
        12⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
        11⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22516.exe
        12⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45427.exe
        13⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55505.exe
        14⤵
        
        PID:11832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 216
        14⤵
        
        PID:12924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6756 -s 216
        13⤵
        
        PID:10284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 216
        12⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 240
        11⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-831.exe
        10⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
        11⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42936.exe
        12⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21499.exe
        13⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2137.exe
        14⤵
        
        PID:12112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9264 -s 204
        14⤵
        
        PID:12452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 220
        13⤵
        
        PID:10468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
        12⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
        11⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 240
        10⤵
        Program crash
        
        PID:3192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
        9⤵
        Program crash
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52834.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-146.exe
        9⤵
        
        PID:284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 284 -s 240
        10⤵
        Program crash
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4640.exe
        9⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6882.exe
        10⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46820.exe
        11⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38551.exe
        12⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11384.exe
        13⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        14⤵
        
        PID:12020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9872 -s 216
        14⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 216
        13⤵
        
        PID:10856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
        12⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
        11⤵
        
        PID:7004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 236
        10⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
        9⤵
        Program crash
        
        PID:3960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
        8⤵
        Program crash
        
        PID:1696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 236
        7⤵
        Program crash
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57053.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37038.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37889.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59461.exe
        9⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53670.exe
        10⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27111.exe
        11⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29005.exe
        12⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42884.exe
        13⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15380.exe
        14⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38744.exe
        15⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8092 -s 236
        14⤵
        
        PID:11632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 216
        13⤵
        
        PID:9328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
        12⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 236
        11⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42055.exe
        10⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45533.exe
        11⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54752.exe
        12⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62059.exe
        13⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22600.exe
        14⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 216
        13⤵
        
        PID:11464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
        12⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
        11⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 220
        10⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
        9⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11350.exe
        10⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31286.exe
        11⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56745.exe
        12⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52220.exe
        13⤵
        
        PID:10504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8236 -s 216
        13⤵
        
        PID:12032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 236
        12⤵
        
        PID:10112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
        11⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
        10⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 240
        9⤵
        Program crash
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-701.exe
        8⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4469.exe
        9⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62497.exe
        10⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53652.exe
        11⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17140.exe
        12⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21899.exe
        13⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9092 -s 236
        13⤵
        
        PID:11424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
        12⤵
        
        PID:10148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
        11⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
        10⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36409.exe
        9⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45868.exe
        10⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23746.exe
        11⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21899.exe
        12⤵
        
        PID:11772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9196 -s 236
        12⤵
        
        PID:11272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 216
        11⤵
        
        PID:9244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 236
        10⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 220
        9⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 220
        8⤵
        Program crash
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40581.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
        8⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30379.exe
        9⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1052.exe
        10⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54975.exe
        10⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34436.exe
        11⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48048.exe
        12⤵
        
        PID:11884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9208 -s 216
        12⤵
        
        PID:11836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 216
        11⤵
        
        PID:9684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 220
        10⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 236
        9⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38464.exe
        8⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22508.exe
        9⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48665.exe
        10⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13714.exe
        11⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63564.exe
        12⤵
        
        PID:11608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9544 -s 220
        12⤵
        
        PID:12324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 216
        11⤵
        
        PID:10684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
        10⤵
        
        PID:7896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
        9⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 240
        8⤵
        
        PID:4212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
        7⤵
        Program crash
        
        PID:2428
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
        6⤵
        Program crash
        
        PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3685.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1075.exe
        6⤵
        Executes dropped EXE
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17172.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37889.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30873.exe
        8⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51340.exe
        9⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29441.exe
        10⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16094.exe
        11⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55188.exe
        12⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9246.exe
        13⤵
        
        PID:9296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57259.exe
        14⤵
        
        PID:11956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9296 -s 216
        14⤵
        
        PID:13104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 220
        13⤵
        
        PID:10360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
        12⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
        11⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 236
        10⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
        9⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3841.exe
        10⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1410.exe
        11⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 212
        12⤵
        
        PID:9552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
        11⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        10⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
        9⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25252.exe
        8⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10966.exe
        9⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28538.exe
        10⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
        11⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13522.exe
        12⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52272.exe
        13⤵
        
        PID:12196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9752 -s 220
        13⤵
        
        PID:4120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 216
        12⤵
        
        PID:10772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 216
        11⤵
        
        PID:8284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
        10⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 236
        9⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 240
        8⤵
        Program crash
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4785.exe
        7⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43364.exe
        8⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57837.exe
        9⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45917.exe
        10⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32194.exe
        11⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23165.exe
        12⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10347.exe
        13⤵
        
        PID:8988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 236
        12⤵
        
        PID:11472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
        11⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 236
        10⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 236
        9⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19497.exe
        8⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22783.exe
        9⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47020.exe
        10⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35697.exe
        11⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20612.exe
        12⤵
        
        PID:12084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9372 -s 204
        12⤵
        
        PID:12460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 220
        11⤵
        
        PID:10392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 236
        10⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 236
        9⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 220
        8⤵
        
        PID:5824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
        7⤵
        Program crash
        
        PID:1048
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 240
        6⤵
        Program crash
        
        PID:2412
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37208.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15247.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50141.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2969.exe
        8⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43940.exe
        9⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34760.exe
        10⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50611.exe
        11⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44441.exe
        12⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16632.exe
        13⤵
        
        PID:11760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9740 -s 216
        13⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6400 -s 216
        12⤵
        
        PID:10764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 216
        11⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
        10⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 236
        9⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50717.exe
        8⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60442.exe
        9⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48582.exe
        10⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45427.exe
        11⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49008.exe
        12⤵
        
        PID:12204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9224 -s 216
        12⤵
        
        PID:12524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 216
        11⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
        10⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 236
        9⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 240
        8⤵
        Program crash
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44557.exe
        7⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33634.exe
        8⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
        9⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25505.exe
        10⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34602.exe
        11⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7342.exe
        12⤵
        
        PID:12228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9808 -s 236
        12⤵
        
        PID:840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 220
        11⤵
        
        PID:11064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 216
        10⤵
        
        PID:8808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        9⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 236
        8⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
        7⤵
        Program crash
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55185.exe
        7⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56830.exe
        8⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-751.exe
        9⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11301.exe
        10⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58655.exe
        11⤵
        
        PID:11592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 216
        11⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 216
        10⤵
        
        PID:9564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
        9⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 216
        8⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24951.exe
        7⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26976.exe
        8⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15390.exe
        9⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13605.exe
        10⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49854.exe
        11⤵
        
        PID:13120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9536 -s 216
        11⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 220
        10⤵
        
        PID:10820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
        9⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
        8⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
        7⤵
        
        PID:4860
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 240
        6⤵
        Program crash
        
        PID:688
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 236
        5⤵
        Program crash
        
        PID:2708
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26990.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26990.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29534.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3706.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65242.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 200
        7⤵
        Program crash
        
        PID:2172
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 236
        6⤵
        Program crash
        
        PID:876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6482.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58864.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17936.exe
        7⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3976.exe
        8⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7925.exe
        9⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61109.exe
        10⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52417.exe
        11⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50518.exe
        12⤵
        
        PID:12064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9712 -s 204
        12⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 220
        11⤵
        
        PID:10732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
        10⤵
        
        PID:8328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 236
        9⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 236
        8⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-447.exe
        7⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2087.exe
        8⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49324.exe
        9⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58084.exe
        10⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13626.exe
        11⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35236.exe
        12⤵
        
        PID:9144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9248 -s 236
        11⤵
        
        PID:11812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20979.exe
        10⤵
        
        PID:11068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 220
        10⤵
        
        PID:10332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
        9⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
        7⤵
        
        PID:5092
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 236
        6⤵
        Program crash
        
        PID:3024
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 220
        5⤵
        Program crash
        
        PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18651.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3789.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33530.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45865.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13384.exe
        8⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64059.exe
        9⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-141.exe
        10⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53901.exe
        11⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        12⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17893.exe
        13⤵
        
        PID:12364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10172 -s 216
        13⤵
        
        PID:12756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 216
        12⤵
        
        PID:11252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
        11⤵
        
        PID:8604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
        10⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 236
        9⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 236
        8⤵
        Program crash
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26658.exe
        7⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65237.exe
        8⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58304.exe
        9⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8701.exe
        10⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38219.exe
        11⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54519.exe
        12⤵
        
        PID:12252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9568 -s 216
        12⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 216
        11⤵
        
        PID:10692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
        10⤵
        
        PID:7808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 236
        9⤵
        
        PID:5456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 236
        8⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 240
        7⤵
        Program crash
        
        PID:3272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19777.exe
        6⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23966.exe
        7⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32565.exe
        8⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
        9⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44498.exe
        10⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21499.exe
        11⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
        12⤵
        
        PID:11820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9432 -s 204
        12⤵
        
        PID:13284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 216
        11⤵
        
        PID:10460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
        10⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
        9⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 216
        8⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46441.exe
        7⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23878.exe
        8⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14238.exe
        9⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50471.exe
        10⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29714.exe
        11⤵
        
        PID:12132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9628 -s 216
        11⤵
        
        PID:12392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 216
        10⤵
        
        PID:10624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
        9⤵
        
        PID:8260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
        8⤵
        
        PID:6604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
        7⤵
        Program crash
        
        PID:4108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
        6⤵
        Program crash
        
        PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40306.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11054.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3545.exe
        7⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44817.exe
        8⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32622.exe
        9⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39127.exe
        10⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62531.exe
        11⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64524.exe
        12⤵
        
        PID:11732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9900 -s 216
        12⤵
        
        PID:13004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 216
        11⤵
        
        PID:10892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
        10⤵
        
        PID:8448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
        9⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 216
        8⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45372.exe
        7⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1127.exe
        8⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28162.exe
        9⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3517.exe
        10⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24120.exe
        11⤵
        
        PID:12044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8248 -s 216
        11⤵
        
        PID:12516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 216
        10⤵
        
        PID:9324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 216
        9⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 236
        8⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
        7⤵
        Program crash
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45133.exe
        6⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17935.exe
        7⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31478.exe
        8⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29776.exe
        9⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33082.exe
        10⤵
        
        PID:11856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8400 -s 216
        10⤵
        
        PID:12216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 216
        9⤵
        
        PID:9428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
        8⤵
        
        PID:7772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 216
        7⤵
        
        PID:5308
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
        6⤵
        Program crash
        
        PID:3280
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 240
        5⤵
        Program crash
        
        PID:1916
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:680
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2396
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57634.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57634.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46856.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46856.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29534.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39887.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21195.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62310.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5024.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60914.exe
        9⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44817.exe
        10⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30676.exe
        11⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-787.exe
        12⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11768.exe
        13⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
        14⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 216
        13⤵
        
        PID:11208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
        11⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 216
        10⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45372.exe
        9⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8117.exe
        10⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1986.exe
        11⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47155.exe
        12⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20690.exe
        13⤵
        
        PID:13056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9316 -s 216
        13⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 216
        12⤵
        
        PID:10644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 220
        11⤵
        
        PID:8580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
        10⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 240
        9⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36964.exe
        8⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20313.exe
        9⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21932.exe
        10⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-149.exe
        11⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55733.exe
        12⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45308.exe
        13⤵
        
        PID:12280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8676 -s 220
        13⤵
        
        PID:12616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 216
        12⤵
        
        PID:9500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 236
        11⤵
        
        PID:7356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 236
        10⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 236
        9⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
        8⤵
        Program crash
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11801.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64422.exe
        8⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 188
        9⤵
        Program crash
        
        PID:2252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 236
        8⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
        7⤵
        Program crash
        
        PID:308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36222.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31667.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43810.exe
        8⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35772.exe
        9⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
        10⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39402.exe
        11⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 220
        12⤵
        
        PID:9608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
        11⤵
        
        PID:9148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
        10⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 236
        9⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9684.exe
        8⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42544.exe
        9⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25099.exe
        10⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3600.exe
        11⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-980.exe
        12⤵
        
        PID:12124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10088 -s 204
        12⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6168 -s 216
        11⤵
        
        PID:11172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 216
        10⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
        9⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
        8⤵
        Program crash
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15776.exe
        7⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        8⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51480.exe
        9⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28821.exe
        10⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58447.exe
        11⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31577.exe
        12⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9932 -s 216
        12⤵
        
        PID:13132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 216
        11⤵
        
        PID:10900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
        10⤵
        
        PID:8488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
        9⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 236
        8⤵
        
        PID:4620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
        7⤵
        Program crash
        
        PID:1060
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 220
        6⤵
        Program crash
        
        PID:576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53545.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64256.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41781.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42440.exe
        8⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5922.exe
        9⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38844.exe
        10⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-232.exe
        11⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3792.exe
        12⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6195.exe
        13⤵
        
        PID:11892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10012 -s 204
        13⤵
        
        PID:12328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 220
        12⤵
        
        PID:11012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 216
        11⤵
        
        PID:8480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 216
        9⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exe
        8⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7541.exe
        9⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50912.exe
        10⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24130.exe
        11⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9345.exe
        12⤵
        
        PID:11996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8544 -s 216
        12⤵
        
        PID:11896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6320 -s 236
        11⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 236
        10⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 236
        9⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 240
        8⤵
        Program crash
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22574.exe
        7⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7629.exe
        8⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17088.exe
        9⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        10⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30067.exe
        11⤵
        
        PID:11824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8512 -s 216
        11⤵
        
        PID:12200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 216
        10⤵
        
        PID:9272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 236
        9⤵
        
        PID:7792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 236
        8⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
        7⤵
        Program crash
        
        PID:3180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44474.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11713.exe
        7⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55123.exe
        8⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14339.exe
        9⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63055.exe
        10⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15468.exe
        11⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47601.exe
        11⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36424.exe
        12⤵
        
        PID:12376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9728 -s 216
        12⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 212
        11⤵
        
        PID:11032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
        10⤵
        
        PID:8468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
        9⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 216
        8⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 236
        7⤵
        Program crash
        
        PID:4040
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 240
        6⤵
        Program crash
        
        PID:1996
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 240
        5⤵
        Program crash
        
        PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54832.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21195.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13109.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52087.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22020.exe
        8⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49970.exe
        9⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38460.exe
        10⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44498.exe
        11⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42412.exe
        12⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54929.exe
        13⤵
        
        PID:11536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 204
        13⤵
        
        PID:12940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 216
        12⤵
        
        PID:9760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
        11⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 236
        10⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 216
        9⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46441.exe
        8⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14339.exe
        9⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59163.exe
        10⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38027.exe
        11⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38427.exe
        12⤵
        
        PID:11704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9792 -s 236
        12⤵
        
        PID:12260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 220
        11⤵
        
        PID:10824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 236
        10⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 236
        9⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
        8⤵
        Program crash
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
        7⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61153.exe
        8⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46820.exe
        9⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
        10⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52417.exe
        11⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53834.exe
        12⤵
        
        PID:1020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9720 -s 216
        12⤵
        
        PID:996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 220
        11⤵
        
        PID:10716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 216
        10⤵
        
        PID:8276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
        9⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 236
        8⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
        7⤵
        Program crash
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1495.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31558.exe
        7⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38787.exe
        8⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30183.exe
        9⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15006.exe
        10⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18183.exe
        11⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28152.exe
        12⤵
        
        PID:12276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9976 -s 204
        12⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 220
        11⤵
        
        PID:10968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
        10⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
        9⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 236
        8⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26020.exe
        7⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65486.exe
        8⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53242.exe
        9⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39589.exe
        10⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49859.exe
        11⤵
        
        PID:12212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9468 -s 204
        11⤵
        
        PID:13180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
        10⤵
        
        PID:10608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 216
        9⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
        8⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 240
        7⤵
        
        PID:4188
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
        6⤵
        Program crash
        
        PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48475.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17277.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12206.exe
        7⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9129.exe
        8⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61786.exe
        9⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15608.exe
        10⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52417.exe
        11⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19408.exe
        12⤵
        
        PID:11872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9704 -s 216
        12⤵
        
        PID:12736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 220
        11⤵
        
        PID:10708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
        10⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
        9⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 236
        8⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9684.exe
        7⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28730.exe
        8⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51270.exe
        9⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20835.exe
        10⤵
        
        PID:9464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40991.exe
        11⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 216
        10⤵
        
        PID:11332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
        9⤵
        
        PID:9052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
        8⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
        7⤵
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7608.exe
        6⤵
        
        PID:320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
        7⤵
        Program crash
        
        PID:3692
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
        6⤵
        Program crash
        
        PID:3132
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
        5⤵
        Program crash
        
        PID:1500
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38517.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30432.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58034.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49949.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64998.exe
        8⤵
        
        PID:1324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 188
        9⤵
        Program crash
        
        PID:1928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 236
        8⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        7⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44817.exe
        8⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54879.exe
        9⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50284.exe
        10⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10336.exe
        11⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59164.exe
        12⤵
        
        PID:8908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 216
        11⤵
        
        PID:11400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
        10⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
        9⤵
        
        PID:3396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 216
        8⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 240
        7⤵
        Program crash
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25999.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13384.exe
        7⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35471.exe
        8⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32814.exe
        9⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41374.exe
        10⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38219.exe
        11⤵
        
        PID:9576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25438.exe
        12⤵
        
        PID:12104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9576 -s 216
        12⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 216
        11⤵
        
        PID:10616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
        10⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
        9⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 236
        8⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
        7⤵
        Program crash
        
        PID:3404
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 240
        6⤵
        Program crash
        
        PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64811.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8916.exe
        6⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58776.exe
        7⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32565.exe
        8⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4033.exe
        9⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        10⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7492.exe
        11⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15323.exe
        12⤵
        
        PID:11900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9596 -s 216
        12⤵
        
        PID:12720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6500 -s 216
        11⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
        10⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
        9⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 236
        8⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29035.exe
        7⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2725.exe
        8⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5084.exe
        9⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46278.exe
        10⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40124.exe
        11⤵
        
        PID:13296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9644 -s 216
        11⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 220
        10⤵
        
        PID:10964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 216
        9⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
        8⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
        7⤵
        
        PID:4232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        6⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21382.exe
        7⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3649.exe
        8⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24078.exe
        9⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45427.exe
        10⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37031.exe
        11⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9232 -s 216
        11⤵
        
        PID:12932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 216
        10⤵
        
        PID:10256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 236
        9⤵
        
        PID:8144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 236
        8⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 236
        7⤵
        
        PID:4380
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
        6⤵
        Program crash
        
        PID:3320
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
        5⤵
        Program crash
        
        PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45377.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29446.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45865.exe
        6⤵
        Executes dropped EXE
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30188.exe
        7⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-961.exe
        8⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35746.exe
        9⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50611.exe
        10⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31421.exe
        11⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13678.exe
        12⤵
        
        PID:12240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9504 -s 216
        12⤵
        
        PID:13232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 216
        11⤵
        
        PID:10560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
        10⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
        9⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 236
        8⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42548.exe
        7⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54220.exe
        8⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22407.exe
        9⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31997.exe
        10⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40404.exe
        11⤵
        
        PID:11868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9664 -s 204
        11⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 216
        10⤵
        
        PID:10660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
        9⤵
        
        PID:8224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
        8⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
        7⤵
        Program crash
        
        PID:3976
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 236
        6⤵
        Program crash
        
        PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54588.exe
        5⤵
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46524.exe
        6⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53177.exe
        7⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28538.exe
        8⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39489.exe
        9⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11768.exe
        10⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23539.exe
        11⤵
        
        PID:11880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10128 -s 204
        11⤵
        
        PID:7032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 216
        10⤵
        
        PID:11200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
        9⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 236
        8⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 236
        7⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36326.exe
        6⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19253.exe
        7⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39511.exe
        8⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14482.exe
        9⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
        10⤵
        
        PID:12724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 216
        10⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 216
        9⤵
        
        PID:10060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 216
        8⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
        7⤵
        
        PID:6496
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 240
        6⤵
        
        PID:4692
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 240
        5⤵
        Program crash
        
        PID:2948
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 240
      4⤵
      Program crash
      PID:2624
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2760
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
  2⤵
  - Program crash
  PID:2716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe

Filesize
184KB

MD5
a093c3127c4a1dd15b21b174f26f0174

SHA1
b6bf74aacd5739f4b9aee0133d21b917e9000c47

SHA256
96bb5c92da27bac9ed9f03459dcb0916eec984f048d9fa1b41288e80b956fff4

SHA512
668df6e417509735aa23d1ac791c8aee8ec70a58d58676ddc2a641f614b621992b0d63854f2eb3f078f26f8136160f817ccc7c9ec36158e350cc95881f53de1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28152.exe

Filesize
184KB

MD5
d41d43c397f1c0a6c07d8252170c0eab

SHA1
0abe001a9c0e6c3feba86a8b86c49bb151e80d64

SHA256
46d16fe4ee902f121b0a123c2a46e9fb7b031935fbd6cb476918188df73916d2

SHA512
05296ae2c641707511c398e413d4d563a6583ac6fff0bb2980896c4f2f4c5c1736791e3e45685be500c311b6c38de545189695ea0266f1fa6e5645ee3b6eeb42

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40306.exe

Filesize
184KB

MD5
6b4e7dd68b322ba73f916fc49339e3ea

SHA1
6e142650af3c3e21e1d2982e0624f0cc940593cd

SHA256
927d242e4f8a3ab06bbf52d7c3fb45017d2ab23a6505587b8a182a0873e2dabb

SHA512
cc1829072640b7f398b1993214879dec925e2288ef1a38e0d4eda60cadaf8e98de105c9737113ab9a302ae09fea6bdfcdf4bc3cc90db0b5719b2425f2b6f3e32

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40581.exe

Filesize
184KB

MD5
9ab2318c26b2b9bd0c49d1f25c0d369b

SHA1
ba1277ec805a5890a33dca1da83e71595a4310d7

SHA256
216ae7191f9b50859c8ed10c1c422d43458b8cca45de783cba25ce4f30eeae33

SHA512
8703921055bf70f8e0a9a60d32c023eed7d43c9ce7ff22312b50102e01dc6cdaf7eacbe3a150c413cb684e336dd92206b1f20affe5e74e68451c4804f01a9c51

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44817.exe

Filesize
184KB

MD5
cca33559470c606f3850f34d791e7988

SHA1
20fabceaf4e52c9b6b60afdbed10ad4b8c5799f9

SHA256
d33506397d5a564152120197465ed0c1dbcb8e0600aa8b90550bac43e7b4f943

SHA512
6c799c6f15f02ed41b71a6af09297547323047ea1e4cd265173c5516f1511c1429ca2e5962d8d841345dc294043c77862eda53d7577d1130c8e75672ab344875

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45533.exe

Filesize
184KB

MD5
94e06a9fc65aa5247943f53320fb1546

SHA1
c36a2eb695da45431db632c911069841b983019c

SHA256
a3eab74a5b0cb10621f19b784916e94c4c4e04dba356afc5c2d63ff937a3200d

SHA512
07b039c1fabd86f0a3777bf27efed5ca34c25f84fef6981cc30ee98c4086b19155c7a0ef1f40217bb37845cb0b9cf3209ca231561e28c7517739d65c6f482f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5029.exe

Filesize
184KB

MD5
e0766b00e23d271a0e8f902091a4fe8b

SHA1
6538347877488554e8e140222bbbcdea8a8564fe

SHA256
da17a15aebfcee8da024f39ae830caf1a3fd68a11e9628688b081c7b9882a110

SHA512
45f9dea6f625376371c74692dce675e586628ba1b92126289aa88552a02f756e33fc63321f3525c0838826a12a78d53059988f5c57dc6748bc0a2538bdcf9cba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11962.exe

Filesize
184KB

MD5
11c0a287cdb80d36e507a306a213c578

SHA1
18717afd4e1797e8e419636a43d2a18c2860f7e2

SHA256
53bcaeb1aed8f255ac7c057aa0d5734a6e4e5137cae09ce0dcbd0afb233124e2

SHA512
523c804e4b98e42f1199305fafc8b0f2fbc1d1c99ca88c260e5833b1632736970ca4830071731defa9360767c73fe24e8ac0d8f155a24417055d7bcca921e63c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26990.exe

Filesize
184KB

MD5
ea76025f5243e33b7fb1d75882013f2a

SHA1
2d3d1371f7f61629494e0999f794c72c977e128d

SHA256
bcde92df7e39ed37f4d797f32561436b2e7bdd8a9328c4ef3eca28d2ee793da1

SHA512
fd732cf2eb9fcf4b5f2c78b8c937f48c34eaf1c819ec8a11bc4835012cbd5ac641bd989171149e4dbfa252431f17c138684abe67f4747f073ead0e2fd8d3f98c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29534.exe

Filesize
184KB

MD5
5d789882e4d148c1a5914c521effa8ba

SHA1
2ad3d9012f743d47dfaf51b467c342a5b2917b10

SHA256
22dafeb29b84cf7c0ac57ef0edd36bc848919323d3fa1419a341b925b2864523

SHA512
f1b921858c36f0c9c844cd12ce71d5b00a6687718e906a4739bf2037e2cf1d77fabba139e0a8b675e66833696778548df4081439b11fb440c06f5c0a7c8beabc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31719.exe

Filesize
184KB

MD5
c2bce9945e127672614f4ff871a45d5f

SHA1
47e1184a40a4a677eeabf6c648ac5ec4683415fb

SHA256
a6b2e39e4d1b7b07c767b870b8776ad0b4e965a63cf72dcbdf42a702cb00e83d

SHA512
f82721e859fed4e440c27b6e78b8c62e6057dda6d5dae62f790d1a5d00675a3e8c7dcdf16f7fe1f273c8e80c5f023e0e8fd0a4d5e4359416da16db9f409d41e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe

Filesize
184KB

MD5
647254f8813dca8ff9244b9f09e5086a

SHA1
7567f6f98985a1ddd15f967a7f6e43adffea6b5d

SHA256
90bc01f5fe08332373f12d06d16f39c754c2b3870706a0534cfae22355a5069a

SHA512
15233d47abb54ebf0f458b0154bc20fa732f91ae673c129262b5cbf469eb52287f6090fae5beba87143b9fbbb3a1e779bac7728de2d2efc5b7542eef6459d29a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3685.exe

Filesize
184KB

MD5
06bd8e40d45e8d477e25265115f19b4a

SHA1
d65a908c2a9dd3099baae37d6f7a57cac333b77c

SHA256
8a38355ce6fafbf98ba6919df7cf894fda36b447fe17242e06505ae54d68be8c

SHA512
c24bbb30d3c4d4c1e8dc5dfd280cb2fe647774857da41e86cfa9fb14ae5bb35468d80800a5b3f95052c488bd70c38462de54fbe9400a2a6d25bdbc25b7300c60

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3711.exe

Filesize
184KB

MD5
a2c0c85a95d934d836326f2f2ba41775

SHA1
d62fa1f9e12ff01ccc16f3c571477b3a02b51812

SHA256
0bac9cd5a947dcfa8810a1b83369e5f5943838a8624cd3a91f99c567fb76f23a

SHA512
561571d5a59ff930f1b7003bfde59e6cd562fb89932b09b78ecf3851f139316de15ef5ae086f406135a61dad1f82a346195193d0fd13947cd852ebd04288cb6b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39887.exe

Filesize
184KB

MD5
94d6b37635bcdaf319fed496636a1c0b

SHA1
15ccc29cce0c5703a709918b1d5348c8f075d5da

SHA256
ad893453ec840634ef70ecc54064101a84b2d12142ab9d87b1cf7df5f0581ad0

SHA512
fd23b23c4ccfd4867e28b6106c7626fea031a3508ad61056a9fb54b99df1ba5f5d9311d0e6b36e3ed4a6be22546e7c24f1e0e2e761a44bbfbc216bef0c389cde

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46856.exe

Filesize
184KB

MD5
54fb05164b217b966754ad419e316101

SHA1
b279b728d65162f299c680bdf1e25e996e7417d3

SHA256
2c347f5011691961b77aecb99516bc25b11c01a0030e0b47b395518378febf16

SHA512
352f6e0f210cd8301b1df80514d7a0ab42aa362f32a8ebbf37709bf9b2d667672ba71f6ea9bbc4e447c5a3ce743d01522619dbdfabaeed5fad0c4b582ed1d441

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53078.exe

Filesize
184KB

MD5
11bafcad450f39a57d5f18fe0e7a11c7

SHA1
b84deda5a918a293aa909ee4e2818ff2738d90a2

SHA256
c99a881ed33c7f7bd7aa97cbf5d757b87eea5da34ff315b241b0a449cea62f6f

SHA512
d9ee1e9f5d5945ea0e3555fc5e9067a0e0b6e03ca6cb8058d1faad9c9251598c72fa752f49a44cc2389f2c503ead660ff3b3f375398a39e136c0d312ecc496ad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57634.exe

Filesize
184KB

MD5
ff5a6f43fef8346aeb41907cd7093d88

SHA1
2ad24f39ba16b3ad7439317bd3e3cb5776cdf063

SHA256
179f86d6db01d1937115c8d551df3a16889dff4c9036e1f466a80195ea14dc31

SHA512
9c04b33725e2c9ced1cff222ccafc66c669b967ba8bdad24169b2a67d42b96c9b1eb14add961e9f853fe0898959784aa5e4bdefee2b4812f6b20e8de930995bb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads