df670a8769daf8a411a446f9960a40d3cd7c6a2c8299bcdccc6936814d851cad

Analysis

max time kernel
149s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 03:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

623f0bd50cbde5af0235916a61af2590_NeikiAnalytics.exe
Size

184KB
MD5

623f0bd50cbde5af0235916a61af2590
SHA1

143c04037725675ea725f570f6be9755e19dd575
SHA256

df670a8769daf8a411a446f9960a40d3cd7c6a2c8299bcdccc6936814d851cad
SHA512

ca432b7f01b5df2c5aeca32ed35f4fb6895bfcf3edafe2e41b2d697df824fec90166ca76e51a2b1bbe3413c83c4abad6525b99a5e0d3040d35a6dd484bdd02f9
SSDEEP

3072:vOsgXmoTVqWMdwftWES8ZobWcvnlnviFhn3:vOKoN4wfU86bWcPlnviFh

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3052	Unicorn-7283.exe
2592	Unicorn-27611.exe
2712	Unicorn-56946.exe
2532	Unicorn-55130.exe
2588	Unicorn-1523.exe
2488	Unicorn-22074.exe
2764	Unicorn-57860.exe
2244	Unicorn-38679.exe
1752	Unicorn-8467.exe
1736	Unicorn-54139.exe
384	Unicorn-58545.exe
2220	Unicorn-8218.exe
2192	Unicorn-54959.exe
2732	Unicorn-7834.exe
324	Unicorn-8903.exe
564	Unicorn-21518.exe
576	Unicorn-7642.exe
1424	Unicorn-7642.exe
668	Unicorn-36977.exe
1148	Unicorn-20090.exe
3056	Unicorn-20090.exe
2896	Unicorn-58662.exe
972	Unicorn-55642.exe
472	Unicorn-39306.exe
112	Unicorn-51921.exe
928	Unicorn-51921.exe
2860	Unicorn-22394.exe
2096	Unicorn-51729.exe
1224	Unicorn-6057.exe
1948	Unicorn-55258.exe
1444	Unicorn-38922.exe
1852	Unicorn-2336.exe
2580	Unicorn-20910.exe
2604	Unicorn-32839.exe
2576	Unicorn-36369.exe
2372	Unicorn-17572.exe
2600	Unicorn-60702.exe
2440	Unicorn-60318.exe
1488	Unicorn-55912.exe
2672	Unicorn-42721.exe
2080	Unicorn-6327.exe
1784	Unicorn-42337.exe
2064	Unicorn-58481.exe
2208	Unicorn-22279.exe
1288	Unicorn-57604.exe
780	Unicorn-58289.exe
1888	Unicorn-41953.exe
2268	Unicorn-38423.exe
2148	Unicorn-53883.exe
1968	Unicorn-8211.exe
1992	Unicorn-54952.exe
2216	Unicorn-9280.exe
792	Unicorn-43764.exe
1696	Unicorn-42856.exe
2172	Unicorn-55855.exe
1036	Unicorn-9607.exe
1544	Unicorn-38942.exe
1524	Unicorn-58808.exe
2620	Unicorn-42088.exe
2088	Unicorn-11034.exe
2796	Unicorn-60043.exe
2120	Unicorn-56130.exe
2788	Unicorn-59275.exe
2128	Unicorn-6353.exe

Loads dropped DLL 64 IoCs

pid	Process
2868	623f0bd50cbde5af0235916a61af2590_NeikiAnalytics.exe
2868	623f0bd50cbde5af0235916a61af2590_NeikiAnalytics.exe
3052	Unicorn-7283.exe
3052	Unicorn-7283.exe
2868	623f0bd50cbde5af0235916a61af2590_NeikiAnalytics.exe
2868	623f0bd50cbde5af0235916a61af2590_NeikiAnalytics.exe
2592	Unicorn-27611.exe
3052	Unicorn-7283.exe
2592	Unicorn-27611.exe
3052	Unicorn-7283.exe
2712	Unicorn-56946.exe
2712	Unicorn-56946.exe
2436	WerFault.exe
2436	WerFault.exe
2436	WerFault.exe
2436	WerFault.exe
2436	WerFault.exe
2532	Unicorn-55130.exe
2532	Unicorn-55130.exe
2592	Unicorn-27611.exe
2592	Unicorn-27611.exe
2712	Unicorn-56946.exe
2712	Unicorn-56946.exe
2488	Unicorn-22074.exe
2488	Unicorn-22074.exe
2588	Unicorn-1523.exe
2588	Unicorn-1523.exe
1332	WerFault.exe
1332	WerFault.exe
1332	WerFault.exe
1332	WerFault.exe
1040	WerFault.exe
1040	WerFault.exe
1040	WerFault.exe
1040	WerFault.exe
1332	WerFault.exe
1040	WerFault.exe
2764	Unicorn-57860.exe
2764	Unicorn-57860.exe
2532	Unicorn-55130.exe
2532	Unicorn-55130.exe
2244	Unicorn-38679.exe
2244	Unicorn-38679.exe
1752	Unicorn-8467.exe
1752	Unicorn-8467.exe
2488	Unicorn-22074.exe
2488	Unicorn-22074.exe
384	Unicorn-58545.exe
1736	Unicorn-54139.exe
384	Unicorn-58545.exe
1736	Unicorn-54139.exe
2588	Unicorn-1523.exe
2588	Unicorn-1523.exe
1160	WerFault.exe
1152	WerFault.exe
1160	WerFault.exe
1152	WerFault.exe
1160	WerFault.exe
1160	WerFault.exe
1152	WerFault.exe
1152	WerFault.exe
1152	WerFault.exe
1160	WerFault.exe
3000	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
1720	2868	WerFault.exe	27
2436	3052	WerFault.exe	28
1332	2592	WerFault.exe	29
1040	2712	WerFault.exe	30
1160	2588	WerFault.exe	33
1152	2532	WerFault.exe	32
3000	2488	WerFault.exe	34
1540	2764	WerFault.exe	36
2940	1752	WerFault.exe	39
2476	2244	WerFault.exe	37
500	1736	WerFault.exe	38
2324	384	WerFault.exe	40
2332	2192	WerFault.exe	44
1028	2220	WerFault.exe	43
1900	324	WerFault.exe	46
1228	2732	WerFault.exe	45
1728	576	WerFault.exe	49
2700	668	WerFault.exe	50
1988	564	WerFault.exe	47
856	1424	WerFault.exe	48
1860	1148	WerFault.exe	54
1924	3056	WerFault.exe	55
2200	2896	WerFault.exe	56
488	972	WerFault.exe	57
352	472	WerFault.exe	58
1232	928	WerFault.exe	59
3032	1948	WerFault.exe	64
380	112	WerFault.exe	60
2520	1224	WerFault.exe	63
2540	2860	WerFault.exe	61
2388	1444	WerFault.exe	65
344	1852	WerFault.exe	66
2812	2096	WerFault.exe	62
3672	2580	WerFault.exe	72
3752	2372	WerFault.exe	75
3828	1488	WerFault.exe	78
3852	2600	WerFault.exe	76
3868	1968	WerFault.exe	89
3900	2672	WerFault.exe	79
3916	2268	WerFault.exe	86
3932	1888	WerFault.exe	87
3940	2080	WerFault.exe	80
3956	1992	WerFault.exe	90
3964	780	WerFault.exe	85
4008	2216	WerFault.exe	91
4016	2576	WerFault.exe	74
900	2604	WerFault.exe	73
3092	792	WerFault.exe	92
3104	1984	WerFault.exe	151
3356	2208	WerFault.exe	83
3580	1784	WerFault.exe	81
3948	2440	WerFault.exe	77
936	1696	WerFault.exe	98
3784	1544	WerFault.exe	105
3812	2620	WerFault.exe	106
3556	2148	WerFault.exe	88
3748	1596	WerFault.exe	112
3696	2288	WerFault.exe	113
4116	2128	WerFault.exe	111
4188	2276	WerFault.exe	115
4228	2428	WerFault.exe	117
4244	584	WerFault.exe	120
4380	2608	WerFault.exe	128
4484	1000	WerFault.exe	122

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2868	623f0bd50cbde5af0235916a61af2590_NeikiAnalytics.exe
3052	Unicorn-7283.exe
2592	Unicorn-27611.exe
2712	Unicorn-56946.exe
2588	Unicorn-1523.exe
2532	Unicorn-55130.exe
2488	Unicorn-22074.exe
2764	Unicorn-57860.exe
2244	Unicorn-38679.exe
1752	Unicorn-8467.exe
384	Unicorn-58545.exe
1736	Unicorn-54139.exe
2220	Unicorn-8218.exe
2192	Unicorn-54959.exe
2732	Unicorn-7834.exe
324	Unicorn-8903.exe
576	Unicorn-7642.exe
564	Unicorn-21518.exe
1424	Unicorn-7642.exe
668	Unicorn-36977.exe
1148	Unicorn-20090.exe
3056	Unicorn-20090.exe
2896	Unicorn-58662.exe
972	Unicorn-55642.exe
472	Unicorn-39306.exe
112	Unicorn-51921.exe
928	Unicorn-51921.exe
2860	Unicorn-22394.exe
1224	Unicorn-6057.exe
2096	Unicorn-51729.exe
1948	Unicorn-55258.exe
1444	Unicorn-38922.exe
1852	Unicorn-2336.exe
2580	Unicorn-20910.exe
2372	Unicorn-17572.exe
2604	Unicorn-32839.exe
2576	Unicorn-36369.exe
2600	Unicorn-60702.exe
2440	Unicorn-60318.exe
1488	Unicorn-55912.exe
2672	Unicorn-42721.exe
2080	Unicorn-6327.exe
1784	Unicorn-42337.exe
2208	Unicorn-22279.exe
2064	Unicorn-58481.exe
1288	Unicorn-57604.exe
780	Unicorn-58289.exe
2268	Unicorn-38423.exe
2148	Unicorn-53883.exe
1968	Unicorn-8211.exe
1888	Unicorn-41953.exe
2216	Unicorn-9280.exe
1992	Unicorn-54952.exe
792	Unicorn-43764.exe
1696	Unicorn-42856.exe
2172	Unicorn-55855.exe
1036	Unicorn-9607.exe
1544	Unicorn-38942.exe
1524	Unicorn-58808.exe
2620	Unicorn-42088.exe
2088	Unicorn-11034.exe
2796	Unicorn-60043.exe
2120	Unicorn-56130.exe
2788	Unicorn-59275.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 3052	2868	623f0bd50cbde5af0235916a61af2590_NeikiAnalytics.exe	28
PID 2868 wrote to memory of 3052	2868	623f0bd50cbde5af0235916a61af2590_NeikiAnalytics.exe	28
PID 2868 wrote to memory of 3052	2868	623f0bd50cbde5af0235916a61af2590_NeikiAnalytics.exe	28
PID 2868 wrote to memory of 3052	2868	623f0bd50cbde5af0235916a61af2590_NeikiAnalytics.exe	28
PID 3052 wrote to memory of 2592	3052	Unicorn-7283.exe	29
PID 3052 wrote to memory of 2592	3052	Unicorn-7283.exe	29
PID 3052 wrote to memory of 2592	3052	Unicorn-7283.exe	29
PID 3052 wrote to memory of 2592	3052	Unicorn-7283.exe	29
PID 2868 wrote to memory of 2712	2868	623f0bd50cbde5af0235916a61af2590_NeikiAnalytics.exe	30
PID 2868 wrote to memory of 2712	2868	623f0bd50cbde5af0235916a61af2590_NeikiAnalytics.exe	30
PID 2868 wrote to memory of 2712	2868	623f0bd50cbde5af0235916a61af2590_NeikiAnalytics.exe	30
PID 2868 wrote to memory of 2712	2868	623f0bd50cbde5af0235916a61af2590_NeikiAnalytics.exe	30
PID 2868 wrote to memory of 1720	2868	623f0bd50cbde5af0235916a61af2590_NeikiAnalytics.exe	31
PID 2868 wrote to memory of 1720	2868	623f0bd50cbde5af0235916a61af2590_NeikiAnalytics.exe	31
PID 2868 wrote to memory of 1720	2868	623f0bd50cbde5af0235916a61af2590_NeikiAnalytics.exe	31
PID 2868 wrote to memory of 1720	2868	623f0bd50cbde5af0235916a61af2590_NeikiAnalytics.exe	31
PID 2592 wrote to memory of 2532	2592	Unicorn-27611.exe	32
PID 2592 wrote to memory of 2532	2592	Unicorn-27611.exe	32
PID 2592 wrote to memory of 2532	2592	Unicorn-27611.exe	32
PID 2592 wrote to memory of 2532	2592	Unicorn-27611.exe	32
PID 3052 wrote to memory of 2588	3052	Unicorn-7283.exe	33
PID 3052 wrote to memory of 2588	3052	Unicorn-7283.exe	33
PID 3052 wrote to memory of 2588	3052	Unicorn-7283.exe	33
PID 3052 wrote to memory of 2588	3052	Unicorn-7283.exe	33
PID 2712 wrote to memory of 2488	2712	Unicorn-56946.exe	34
PID 2712 wrote to memory of 2488	2712	Unicorn-56946.exe	34
PID 2712 wrote to memory of 2488	2712	Unicorn-56946.exe	34
PID 2712 wrote to memory of 2488	2712	Unicorn-56946.exe	34
PID 3052 wrote to memory of 2436	3052	Unicorn-7283.exe	35
PID 3052 wrote to memory of 2436	3052	Unicorn-7283.exe	35
PID 3052 wrote to memory of 2436	3052	Unicorn-7283.exe	35
PID 3052 wrote to memory of 2436	3052	Unicorn-7283.exe	35
PID 2532 wrote to memory of 2764	2532	Unicorn-55130.exe	36
PID 2532 wrote to memory of 2764	2532	Unicorn-55130.exe	36
PID 2532 wrote to memory of 2764	2532	Unicorn-55130.exe	36
PID 2532 wrote to memory of 2764	2532	Unicorn-55130.exe	36
PID 2592 wrote to memory of 2244	2592	Unicorn-27611.exe	37
PID 2592 wrote to memory of 2244	2592	Unicorn-27611.exe	37
PID 2592 wrote to memory of 2244	2592	Unicorn-27611.exe	37
PID 2592 wrote to memory of 2244	2592	Unicorn-27611.exe	37
PID 2712 wrote to memory of 1736	2712	Unicorn-56946.exe	38
PID 2712 wrote to memory of 1736	2712	Unicorn-56946.exe	38
PID 2712 wrote to memory of 1736	2712	Unicorn-56946.exe	38
PID 2712 wrote to memory of 1736	2712	Unicorn-56946.exe	38
PID 2488 wrote to memory of 1752	2488	Unicorn-22074.exe	39
PID 2488 wrote to memory of 1752	2488	Unicorn-22074.exe	39
PID 2488 wrote to memory of 1752	2488	Unicorn-22074.exe	39
PID 2488 wrote to memory of 1752	2488	Unicorn-22074.exe	39
PID 2588 wrote to memory of 384	2588	Unicorn-1523.exe	40
PID 2588 wrote to memory of 384	2588	Unicorn-1523.exe	40
PID 2588 wrote to memory of 384	2588	Unicorn-1523.exe	40
PID 2588 wrote to memory of 384	2588	Unicorn-1523.exe	40
PID 2592 wrote to memory of 1332	2592	Unicorn-27611.exe	41
PID 2592 wrote to memory of 1332	2592	Unicorn-27611.exe	41
PID 2592 wrote to memory of 1332	2592	Unicorn-27611.exe	41
PID 2592 wrote to memory of 1332	2592	Unicorn-27611.exe	41
PID 2712 wrote to memory of 1040	2712	Unicorn-56946.exe	42
PID 2712 wrote to memory of 1040	2712	Unicorn-56946.exe	42
PID 2712 wrote to memory of 1040	2712	Unicorn-56946.exe	42
PID 2712 wrote to memory of 1040	2712	Unicorn-56946.exe	42
PID 2764 wrote to memory of 2220	2764	Unicorn-57860.exe	43
PID 2764 wrote to memory of 2220	2764	Unicorn-57860.exe	43
PID 2764 wrote to memory of 2220	2764	Unicorn-57860.exe	43
PID 2764 wrote to memory of 2220	2764	Unicorn-57860.exe	43

C:\Users\Admin\AppData\Local\Temp\623f0bd50cbde5af0235916a61af2590_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\623f0bd50cbde5af0235916a61af2590_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7283.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7283.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27611.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27611.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55130.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57860.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8218.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20090.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36369.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9607.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32431.exe
        10⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63671.exe
        11⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60613.exe
        12⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28031.exe
        13⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22320.exe
        14⤵
        
        PID:11780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8716 -s 216
        14⤵
        
        PID:12736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
        13⤵
        
        PID:9852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
        12⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 236
        11⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1896.exe
        10⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61189.exe
        11⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47867.exe
        12⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8204 -s 220
        13⤵
        
        PID:11240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
        12⤵
        
        PID:9464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
        11⤵
        
        PID:6816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 240
        10⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28709.exe
        9⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61624.exe
        10⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
        11⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7493.exe
        12⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45067.exe
        13⤵
        
        PID:11364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8300 -s 216
        13⤵
        
        PID:11736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
        12⤵
        
        PID:9596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
        11⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 236
        10⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
        9⤵
        Program crash
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38942.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55674.exe
        9⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28101.exe
        10⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22549.exe
        11⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        12⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16185.exe
        13⤵
        
        PID:12920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8864 -s 204
        13⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 220
        12⤵
        
        PID:9944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
        11⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
        10⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 236
        9⤵
        Program crash
        
        PID:3784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
        8⤵
        Program crash
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17572.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42088.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16095.exe
        9⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44520.exe
        10⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45839.exe
        11⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48752.exe
        12⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15331.exe
        13⤵
        
        PID:10712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 216
        13⤵
        
        PID:12132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
        12⤵
        
        PID:10496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
        11⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 236
        10⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 216
        9⤵
        Program crash
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28709.exe
        8⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37330.exe
        9⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14266.exe
        10⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16604.exe
        11⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60469.exe
        12⤵
        
        PID:10644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9136 -s 216
        12⤵
        
        PID:12276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 216
        11⤵
        
        PID:10124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
        10⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 236
        9⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
        8⤵
        Program crash
        
        PID:3752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
        7⤵
        Program crash
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58662.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60702.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11034.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64719.exe
        9⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42709.exe
        10⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45512.exe
        11⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29017.exe
        11⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6936.exe
        12⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12167.exe
        13⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 236
        12⤵
        
        PID:10988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 220
        11⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 216
        10⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56201.exe
        9⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63415.exe
        10⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47016.exe
        11⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63126.exe
        12⤵
        
        PID:11484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 216
        12⤵
        
        PID:12112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 216
        11⤵
        
        PID:9380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
        10⤵
        
        PID:7152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
        9⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12181.exe
        8⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10503.exe
        9⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56290.exe
        10⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61997.exe
        11⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29654.exe
        12⤵
        
        PID:11048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8180 -s 216
        12⤵
        
        PID:11708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
        11⤵
        
        PID:8296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
        10⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
        9⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
        8⤵
        Program crash
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56130.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
        8⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28996.exe
        9⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46503.exe
        10⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17115.exe
        11⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40312.exe
        12⤵
        
        PID:12004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8268 -s 204
        12⤵
        
        PID:13036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
        11⤵
        
        PID:9560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 236
        10⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 236
        9⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7677.exe
        8⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38802.exe
        9⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8344.exe
        10⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18340.exe
        11⤵
        
        PID:11932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8548 -s 216
        11⤵
        
        PID:12844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
        10⤵
        
        PID:9708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
        9⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
        8⤵
        
        PID:4620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 240
        7⤵
        Program crash
        
        PID:2200
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
        6⤵
        Program crash
        
        PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54959.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20090.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20910.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42856.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47916.exe
        9⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38238.exe
        10⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24614.exe
        11⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61848.exe
        12⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38669.exe
        13⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
        14⤵
        
        PID:12560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 216
        13⤵
        
        PID:9456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
        12⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
        11⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55376.exe
        10⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7473.exe
        11⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60703.exe
        12⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59569.exe
        13⤵
        
        PID:11804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8784 -s 216
        13⤵
        
        PID:12744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 220
        12⤵
        
        PID:9860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
        11⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 240
        10⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18372.exe
        9⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59813.exe
        10⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11988.exe
        11⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32748.exe
        12⤵
        
        PID:9152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9152 -s 200
        13⤵
        
        PID:11020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
        12⤵
        
        PID:10140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
        11⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 236
        10⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
        9⤵
        Program crash
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43125.exe
        8⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21902.exe
        9⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45563.exe
        10⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60613.exe
        11⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65228.exe
        12⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
        13⤵
        
        PID:12660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9204 -s 216
        13⤵
        
        PID:12988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
        12⤵
        
        PID:10164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 216
        11⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 236
        10⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24737.exe
        9⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5636.exe
        10⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60703.exe
        11⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-725.exe
        12⤵
        
        PID:12952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8796 -s 216
        12⤵
        
        PID:13232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
        11⤵
        
        PID:9888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 216
        10⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 240
        9⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
        8⤵
        Program crash
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55855.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13406.exe
        8⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62052.exe
        9⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45543.exe
        10⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42854.exe
        11⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17252.exe
        12⤵
        
        PID:10684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8384 -s 216
        12⤵
        
        PID:12208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
        11⤵
        
        PID:9628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
        10⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 236
        9⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41802.exe
        8⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        9⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31832.exe
        10⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4138.exe
        11⤵
        
        PID:11396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 216
        11⤵
        
        PID:11820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
        10⤵
        
        PID:9284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
        9⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
        8⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 240
        7⤵
        Program crash
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32839.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58808.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7049.exe
        8⤵
        
        PID:1984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
        9⤵
        Program crash
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58523.exe
        8⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41137.exe
        9⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14535.exe
        10⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1538.exe
        11⤵
        
        PID:11576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 216
        11⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
        10⤵
        
        PID:9364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 236
        9⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
        8⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19664.exe
        7⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61240.exe
        8⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29591.exe
        9⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50363.exe
        10⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60469.exe
        11⤵
        
        PID:10768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8236 -s 216
        11⤵
        
        PID:12268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
        10⤵
        
        PID:9508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 216
        8⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 220
        7⤵
        Program crash
        
        PID:900
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
        6⤵
        Program crash
        
        PID:2332
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38679.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7834.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39306.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42721.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7573.exe
        8⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        9⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59896.exe
        10⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11189.exe
        11⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14761.exe
        12⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1126.exe
        13⤵
        
        PID:11916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8704 -s 216
        13⤵
        
        PID:12828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 216
        12⤵
        
        PID:10312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
        11⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
        10⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56175.exe
        9⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12071.exe
        10⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38669.exe
        11⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34568.exe
        12⤵
        
        PID:12760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8484 -s 216
        12⤵
        
        PID:13004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
        11⤵
        
        PID:9504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
        10⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 220
        9⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42326.exe
        8⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59237.exe
        9⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10120.exe
        10⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33132.exe
        11⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3903.exe
        12⤵
        
        PID:11996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9068 -s 220
        12⤵
        
        PID:12480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
        11⤵
        
        PID:10172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        10⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 236
        9⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
        8⤵
        Program crash
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20188.exe
        7⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56224.exe
        8⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10218.exe
        9⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57462.exe
        10⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60469.exe
        11⤵
        
        PID:11044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8432 -s 216
        11⤵
        
        PID:12284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
        10⤵
        
        PID:9652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 216
        9⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 236
        8⤵
        Program crash
        
        PID:4484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 472 -s 240
        7⤵
        Program crash
        
        PID:352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6327.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23526.exe
        7⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30096.exe
        8⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41277.exe
        9⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46953.exe
        10⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34252.exe
        11⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 216
        11⤵
        
        PID:11848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 236
        10⤵
        
        PID:8288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
        9⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 236
        8⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 236
        7⤵
        Program crash
        
        PID:3940
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
        6⤵
        Program crash
        
        PID:1228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51921.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56582.exe
        7⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40765.exe
        8⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9372.exe
        9⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57046.exe
        10⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60681.exe
        11⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20225.exe
        12⤵
        
        PID:8844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7340 -s 216
        11⤵
        
        PID:11628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 236
        10⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 216
        9⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 236
        8⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4371.exe
        7⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44603.exe
        8⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60063.exe
        9⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61907.exe
        10⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43777.exe
        11⤵
        
        PID:13268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9024 -s 204
        11⤵
        
        PID:12492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 216
        10⤵
        
        PID:10460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
        9⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 216
        8⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
        7⤵
        Program crash
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53245.exe
        6⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6639.exe
        7⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10228.exe
        8⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10120.exe
        9⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31788.exe
        10⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43777.exe
        11⤵
        
        PID:13256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8264 -s 204
        11⤵
        
        PID:12576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 220
        10⤵
        
        PID:10156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
        9⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 236
        8⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 236
        7⤵
        Program crash
        
        PID:4244
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 240
        6⤵
        Program crash
        
        PID:1232
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 220
        5⤵
        Program crash
        
        PID:2476
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1523.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1523.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58545.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7642.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38922.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8211.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59275.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5897.exe
        9⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27159.exe
        10⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5745.exe
        11⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41510.exe
        12⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37344.exe
        13⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8592 -s 220
        13⤵
        
        PID:12456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
        12⤵
        
        PID:9752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 236
        11⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51673.exe
        9⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12564.exe
        10⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7768.exe
        11⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1126.exe
        12⤵
        
        PID:11904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8628 -s 216
        12⤵
        
        PID:12836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 216
        11⤵
        
        PID:9772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 236
        10⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
        9⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34848.exe
        8⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54242.exe
        9⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38501.exe
        10⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        11⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45835.exe
        12⤵
        
        PID:11280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8872 -s 216
        12⤵
        
        PID:11508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 220
        11⤵
        
        PID:9956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
        10⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
        9⤵
        
        PID:4144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 240
        8⤵
        Program crash
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6353.exe
        7⤵
        Executes dropped EXE
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56992.exe
        8⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43446.exe
        9⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28159.exe
        10⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41209.exe
        11⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1299.exe
        12⤵
        
        PID:11256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8468 -s 216
        12⤵
        
        PID:12172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6372 -s 216
        11⤵
        
        PID:9676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
        10⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 216
        9⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 236
        8⤵
        Program crash
        
        PID:4116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 240
        7⤵
        Program crash
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54952.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7189.exe
        7⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        8⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41334.exe
        9⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38501.exe
        10⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47574.exe
        11⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18598.exe
        12⤵
        
        PID:13048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8968 -s 204
        12⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
        11⤵
        
        PID:10016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 236
        10⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 236
        9⤵
        
        PID:5160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 216
        8⤵
        Program crash
        
        PID:4380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 236
        7⤵
        Program crash
        
        PID:3956
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 240
        6⤵
        Program crash
        
        PID:856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2336.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9280.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6997.exe
        7⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12799.exe
        8⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        9⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12071.exe
        10⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30662.exe
        11⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        12⤵
        
        PID:11056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8808 -s 216
        12⤵
        
        PID:11544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
        11⤵
        
        PID:9880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
        10⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
        9⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
        8⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37318.exe
        9⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32063.exe
        10⤵
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4031.exe
        11⤵
        
        PID:13216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9048 -s 204
        11⤵
        
        PID:11788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 216
        10⤵
        
        PID:10116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
        9⤵
        
        PID:7624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
        8⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25798.exe
        7⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42709.exe
        8⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7665.exe
        9⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61471.exe
        10⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44365.exe
        11⤵
        
        PID:11288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8668 -s 204
        11⤵
        
        PID:13292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
        10⤵
        
        PID:9804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
        9⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 236
        8⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
        7⤵
        Program crash
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35948.exe
        6⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62384.exe
        7⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9652.exe
        8⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14266.exe
        9⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12988.exe
        10⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32275.exe
        11⤵
        
        PID:10760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 216
        11⤵
        
        PID:11972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
        10⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
        9⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 236
        8⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5739.exe
        7⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22274.exe
        8⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56458.exe
        9⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45835.exe
        10⤵
        
        PID:11300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8908 -s 216
        10⤵
        
        PID:11564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 216
        9⤵
        
        PID:10320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 236
        8⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 220
        7⤵
        
        PID:4720
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 240
        6⤵
        Program crash
        
        PID:344
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 384 -s 220
        5⤵
        Program crash
        
        PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36977.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6057.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57604.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42555.exe
        7⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8284.exe
        8⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43036.exe
        9⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46524.exe
        10⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43651.exe
        11⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6003.exe
        12⤵
        
        PID:12572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8824 -s 216
        12⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 216
        11⤵
        
        PID:10296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
        10⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 216
        9⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 236
        8⤵
        Program crash
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36358.exe
        7⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41469.exe
        8⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29164.exe
        9⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19068.exe
        10⤵
        
        PID:11124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 216
        10⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 236
        9⤵
        
        PID:8312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 216
        8⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 240
        7⤵
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36716.exe
        6⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 220
        7⤵
        Program crash
        
        PID:4228
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 240
        6⤵
        Program crash
        
        PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38423.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        6⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65513.exe
        7⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56482.exe
        8⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58261.exe
        9⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30786.exe
        10⤵
        
        PID:10472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 216
        10⤵
        
        PID:11476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 216
        9⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
        8⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 236
        7⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        6⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        7⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63301.exe
        8⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62234.exe
        9⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64916.exe
        10⤵
        
        PID:10404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8660 -s 236
        10⤵
        
        PID:12096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 220
        9⤵
        
        PID:10220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
        8⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
        7⤵
        
        PID:5200
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
        6⤵
        Program crash
        
        PID:3916
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 240
        5⤵
        Program crash
        
        PID:2700
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1160
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2436
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56946.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56946.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22074.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22074.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8467.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8903.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55642.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60318.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9882.exe
        8⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9052.exe
        9⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9211.exe
        10⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15879.exe
        11⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
        12⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53229.exe
        13⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 216
        12⤵
        
        PID:11068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
        11⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 236
        10⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
        9⤵
        Program crash
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37126.exe
        8⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9704.exe
        9⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11573.exe
        10⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62234.exe
        11⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29413.exe
        12⤵
        
        PID:12672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8644 -s 216
        12⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 220
        11⤵
        
        PID:10040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
        10⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 216
        9⤵
        
        PID:5532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
        8⤵
        Program crash
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62845.exe
        7⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13375.exe
        8⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25133.exe
        9⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28396.exe
        10⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3883.exe
        11⤵
        
        PID:10224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7696 -s 216
        11⤵
        
        PID:11888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 236
        10⤵
        
        PID:8360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
        9⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 236
        8⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 240
        7⤵
        Program crash
        
        PID:488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55912.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60043.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32047.exe
        8⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43970.exe
        9⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27941.exe
        10⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16412.exe
        11⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37344.exe
        12⤵
        
        PID:11512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9188 -s 216
        12⤵
        
        PID:12692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
        11⤵
        
        PID:10148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
        10⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 216
        9⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6315.exe
        8⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
        9⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29474.exe
        10⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28193.exe
        11⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5756.exe
        12⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9228 -s 236
        11⤵
        
        PID:11192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 216
        10⤵
        
        PID:9604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
        9⤵
        
        PID:7296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
        8⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35424.exe
        7⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10529.exe
        8⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61848.exe
        9⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62431.exe
        10⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64418.exe
        11⤵
        
        PID:11328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9016 -s 216
        11⤵
        
        PID:11636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
        10⤵
        
        PID:10108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        9⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 236
        8⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 240
        7⤵
        Program crash
        
        PID:3828
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 220
        6⤵
        Program crash
        
        PID:1900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51921.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58289.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39670.exe
        7⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12799.exe
        8⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10529.exe
        9⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37894.exe
        10⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31788.exe
        11⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27365.exe
        12⤵
        
        PID:12608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8256 -s 216
        12⤵
        
        PID:12860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 220
        11⤵
        
        PID:10132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
        10⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
        9⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55324.exe
        8⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54230.exe
        9⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62234.exe
        10⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        11⤵
        
        PID:12324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8640 -s 204
        11⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 220
        10⤵
        
        PID:10196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
        9⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 220
        8⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 236
        7⤵
        Program crash
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12705.exe
        6⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45664.exe
        7⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        8⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12071.exe
        9⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7109.exe
        10⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34164.exe
        11⤵
        
        PID:10820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 236
        11⤵
        
        PID:12164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
        10⤵
        
        PID:9612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
        9⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 236
        8⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
        7⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64183.exe
        8⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42278.exe
        9⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27453.exe
        10⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8504 -s 204
        10⤵
        
        PID:13284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
        9⤵
        
        PID:9692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 236
        8⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
        7⤵
        
        PID:4668
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 240
        6⤵
        Program crash
        
        PID:380
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
        5⤵
        Program crash
        
        PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21518.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55258.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58481.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32571.exe
        7⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39504.exe
        8⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11297.exe
        9⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29783.exe
        10⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57136.exe
        10⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62234.exe
        11⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
        12⤵
        
        PID:11612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8636 -s 220
        12⤵
        
        PID:13300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 220
        11⤵
        
        PID:9740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 240
        10⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 236
        9⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7960.exe
        8⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12922.exe
        9⤵
        
        PID:6036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 212
        10⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
        9⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
        8⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59239.exe
        7⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56736.exe
        8⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63564.exe
        9⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50780.exe
        10⤵
        
        PID:11232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 216
        10⤵
        
        PID:11856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 236
        9⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 236
        8⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
        7⤵
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52669.exe
        6⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
        7⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11100.exe
        8⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        9⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52072.exe
        10⤵
        
        PID:10716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 216
        10⤵
        
        PID:11552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 236
        9⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
        8⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 236
        7⤵
        
        PID:4756
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 240
        6⤵
        Program crash
        
        PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22279.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        6⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39696.exe
        7⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43306.exe
        8⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15162.exe
        9⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12554.exe
        10⤵
        
        PID:10636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 216
        10⤵
        
        PID:11516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 236
        9⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 216
        8⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 236
        7⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52311.exe
        6⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46632.exe
        7⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41566.exe
        8⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34150.exe
        9⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27648.exe
        10⤵
        
        PID:13280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 216
        9⤵
        
        PID:10388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
        8⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
        7⤵
        
        PID:5816
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 220
        6⤵
        Program crash
        
        PID:3356
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 240
        5⤵
        Program crash
        
        PID:1988
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:3000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7642.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22394.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41953.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49099.exe
        7⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42269.exe
        8⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21506.exe
        9⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26466.exe
        10⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60469.exe
        11⤵
        
        PID:10468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 216
        11⤵
        
        PID:12260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
        10⤵
        
        PID:8992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 236
        9⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 236
        8⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9654.exe
        7⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43970.exe
        8⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12071.exe
        9⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32748.exe
        10⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9160 -s 200
        11⤵
        
        PID:11076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 216
        10⤵
        
        PID:10184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
        9⤵
        
        PID:7280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 236
        8⤵
        
        PID:5416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 240
        7⤵
        Program crash
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
        6⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29520.exe
        7⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11297.exe
        8⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45237.exe
        9⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13614.exe
        10⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8892 -s 220
        11⤵
        
        PID:11432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 220
        10⤵
        
        PID:9972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
        9⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
        8⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39371.exe
        7⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60582.exe
        8⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41081.exe
        9⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1538.exe
        10⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
        11⤵
        
        PID:8160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8712 -s 236
        10⤵
        
        PID:11768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 216
        9⤵
        
        PID:10288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
        8⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
        7⤵
        
        PID:5756
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
        6⤵
        Program crash
        
        PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53883.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42747.exe
        6⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58253.exe
        7⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58630.exe
        8⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45237.exe
        9⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14491.exe
        10⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36920.exe
        11⤵
        
        PID:11440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 216
        11⤵
        
        PID:11928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
        10⤵
        
        PID:10092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 216
        9⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 216
        8⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 236
        7⤵
        Program crash
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21475.exe
        6⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32943.exe
        7⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1602.exe
        8⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28182.exe
        9⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24742.exe
        10⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 236
        9⤵
        
        PID:11244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
        8⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
        7⤵
        
        PID:6464
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
        6⤵
        Program crash
        
        PID:3556
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 240
        5⤵
        Program crash
        
        PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51729.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43764.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16619.exe
        6⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9981.exe
        7⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40945.exe
        8⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
        9⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45835.exe
        10⤵
        
        PID:11292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7940 -s 216
        10⤵
        
        PID:11584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
        9⤵
        
        PID:9448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 236
        8⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 216
        7⤵
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
        6⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27992.exe
        7⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44796.exe
        8⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62234.exe
        9⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62085.exe
        10⤵
        
        PID:12712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8616 -s 204
        10⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 220
        9⤵
        
        PID:1432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
        8⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 236
        7⤵
        
        PID:6096
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 240
        6⤵
        Program crash
        
        PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29617.exe
        5⤵
        
        PID:708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62384.exe
        6⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9071.exe
        7⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55318.exe
        8⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19016.exe
        9⤵
        
        PID:10752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 216
        9⤵
        
        PID:11592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 236
        8⤵
        
        PID:8604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 236
        7⤵
        
        PID:6748
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 236
        6⤵
        
        PID:4832
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
        5⤵
        Program crash
        
        PID:2812
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
      4⤵
      Program crash
      PID:500
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1040
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
  2⤵
  - Program crash
  PID:1720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe

Filesize
184KB

MD5
78fb7f2280e5fe50bed4a803f9244c51

SHA1
cf7175902056e055643a6ade83b1e0f23d643eea

SHA256
09b07861fd02c3cf57a713bb2b3ce454e42f2778d57739ca1b498fb2e7117b4c

SHA512
9b5ac41f32b6b9284ea78a536188efb1d6179b0c4924e083718e99b4070856b8ccefbebbef97dd29d51be1cc288f4910c26163ca901e6b274c546096a2dcc948

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54959.exe

Filesize
184KB

MD5
3b28afa23a01e57c1e320a3f688ea14e

SHA1
1f9dc4b58aeb88dd8b6882fd236c1ccbc02f4c15

SHA256
2bbb995284bb290c795ba2b742d1a79a1b84c2c2eda28e147c6f2d4b558bd036

SHA512
d7b7af5c7ed8bfae871f63a123610343fcdcf5f0078fd3e24b54e1eb1ea2273bd3fa95275ee147721ccf3e9b93c8a2be37298e553ea724adec81037870ff663e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57136.exe

Filesize
184KB

MD5
26292ae5d4358c9a39058a333b76c63a

SHA1
4dade00ba8b794cb6bc8d44a0a94f10d8ccb90ab

SHA256
79919eab8c5dde0d5ac20ab6656fc7bdc96175e978e4c8c72969201cc7ee962a

SHA512
7a204d49b88c926deb5618d7a8872e1bc18a993b2cbe0c2f260f4fb4a960e21ef29719bf6ab672c5ced51b90c3c72b7c647d194c83be717af5bfa484ac4dbc6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58545.exe

Filesize
184KB

MD5
d3e0145722d31ce7b3b0f5704b98b4b0

SHA1
9fba9f39c918d88c192298f0a3bd660215a3dfd4

SHA256
02a345f948405bec5dfaffa04ce54bb359140d73ce861dd573ea451fe42d3d93

SHA512
804492794fac73ecdc6665da1e677b77bbb9d93d6eadcc9f0fe177a58df738cff504ec46242b60438853c7529e4eb2b6af82a645d84e9acf48867cf36da088ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6057.exe

Filesize
184KB

MD5
ba96040cbc402867399c899223acc5af

SHA1
1bbcd56edae24168b176099e1576d6bfe780f84c

SHA256
814d89f5e0749ad3e93cb2330c8e2f0a39b44694a6ca40d11c35e30b54321414

SHA512
36277e7c98ce4258109431932058444f1472c6ce1063cde3d2d332c19cf767882c138e2cc18a7922a12e17a5fc954cc09baf4e586ec613730dbb65dc5c4bf70e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe

Filesize
184KB

MD5
3bf1974afeff4d2a48a18d100fa2767d

SHA1
3892298bfe8ac1cfc06c4dfa221e21a3b9ae7ca9

SHA256
67d16c03680599cc07a5e87e209cdf4e73ba25e55a349e9c6c90b35c09aaa600

SHA512
cde68888e249ae5bbb465f33399757403bcf798f404e558a035739644bc7d92577747782e3f7c71fe90f98b4fa57007730f34126c04cd12ab585ef235b0fab36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6639.exe

Filesize
184KB

MD5
a35c71774ed802150c2fcb46b82c8f3c

SHA1
15ba3b815e214bc4ded54da87ce76c12c6111a5d

SHA256
b7fda6806a4535dc8eb2f3f3fd92e606d6b84f6d81b7ad231bf515eb9faf1cd7

SHA512
500a6352983a1b277d5e5b7a3fd2be221c9e5e5201833a5ae16961e9f813d001392c553bb55112f328dc5255a3f3e597f52a70365dcb12b79540cb336ca25e38

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1523.exe

Filesize
184KB

MD5
d7ddfd9e68f0a68636374499a1cbb433

SHA1
263b8756c9a3766d43969856ee840dca016c7002

SHA256
7428c2e9ea9fae18efd913ab833d6e98ec3ef34f34e93766dd39f3820014669c

SHA512
e0ca56f1e77b42dcf302777b3bfb2652e2590598f0aea32ee8e5c5ee61872b579145b40ffb9e9e791090a8be7777b2e1bf6bfda4b56b23b2dacb8ecf9731a8fe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22074.exe

Filesize
184KB

MD5
9be28bf14a310cc5228964d7661eeeb8

SHA1
449f505f252f2d104a90cc20a177c9ea4d237a39

SHA256
8e59a588dd4e0fde59c5f2d899e02505d6f0900b3da508d37f9afe24899ab834

SHA512
06624d197f58f225307c77517796a5c21c1071ad5e1613c582bea5639eb90b3f666c9408bfa39aaae17ea7a9aaeda08eb960e2dafe27023f3bee4f0d7ccedf64

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27611.exe

Filesize
184KB

MD5
d00427712bb627ead400700e42493a68

SHA1
21d6a0aa9b39b8370a6a078e2c1409cc0d2fcb43

SHA256
6b3fde7e2cb04bc0b6b61d357fee1144f817dd29bca83a75ea2d9a7baf82c676

SHA512
06e027ad1845c081b537765df8584aed3d2e99cb5b7848eaf0b6a1c9f6478785fa6d2d5373d564067ad3afa16769040bdc9162de8321aedb21d7bd3d33aee352

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38679.exe

Filesize
184KB

MD5
b98b7ca0454afa1185cef6843b4d4e65

SHA1
1fd02a91e51447de9d52d2dfa576ecf294cfe572

SHA256
d1abb247dc9f98f1f5431e10f5540059b91b8487463078fc81ffa2883042597f

SHA512
f1c30a02fd4f2c89fd928e742ec7f6697f459c90769fc5159656a7d42e9be685191de77f8d58a40ef6bfa76cb2bba40f18fabb354e04a6952618cf1d81f7cfd8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55130.exe

Filesize
184KB

MD5
379c8a41bc6b66a8630690412659fb54

SHA1
d34eb1849b337d8823947baa23886be16d09e3d7

SHA256
34ce4254167e86b7f99fd0f11d2859ab6d2753feeb55de32efceb313b5c654f2

SHA512
d6bbc0dd8bca956bc66bd569de2a0af1a9e8d7fee0ecac2ce59d97636e44fadb6181582bef1e1bad6cbfc7dc1a092160b56b4c50c8ba3199938fe0c2c385920e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56946.exe

Filesize
184KB

MD5
9684ad48c86e12f6c9f6269ce8b9a1f3

SHA1
c3f7fe3b591abf03765b2fd2cef1908b3d0b8f8f

SHA256
95cb1fc8db8db49491030f2de66d887015d6ecf5835ef01583dbca8ae7323acd

SHA512
c3e8cc4b4f2658487c1b22a2fa121942d8e0acb626c1a20aaa60eff912dedaa4ea9c6b053187c1394af35f8761e1a227a676f5f15ca9f4092f962fc41429c47a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57860.exe

Filesize
184KB

MD5
ddf87fee71e0e30036d3bd694408d4a5

SHA1
9da9009bb0557a15e9dcd8d7328e28474b041519

SHA256
86edd93fbff3572730c01262ca9b11006085736e02d1c42067f1fee038bbb8af

SHA512
40f6eae3b047a286c2d1d8e3141677a13b3acd4d82c7fb764ec2b86fc9f0eebb2f320b57f3661b03448a959dd5ccc1ae560bc3e920e271e54ad19957e66a62ab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7283.exe

Filesize
184KB

MD5
458cc062a4c3ce450f339bc78705d8c9

SHA1
9e021d2389ed9b99acf1e6cd2a34cf786907c8da

SHA256
8eddc3c40a1a1fde9ad9d2f8c08e23c9cd25a0201621e3568db872d2e25af115

SHA512
46feb1cdb117fb1e6fa890a59c0c891cd86c9e1c022b79dbddc30c2b59ed3678cedd6f9d8942161d063ce2f072931c6b312437462b94a61ea78543970ddffab6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7834.exe

Filesize
184KB

MD5
d3f01ae122b23779698a283b080c6c10

SHA1
7ad72ba62056595734ca8ae1b028ba84cdd538f1

SHA256
a7f1ebb8ea954c143f2ee9fabf3dcc8a4124020117e2e1986a8f708a3b2033bb

SHA512
e867ae97efd30ddec956f162a9283a4c4d2aceb2c74988f23b332024a45e150f79aea22f6a5ad8bbbd7644fefffa5fd6179f4d7b5ac7d24eb3fa6d4121deb933

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8218.exe

Filesize
184KB

MD5
2f6bdd2b5fe2af55aa5358a2a6963071

SHA1
106ff78af9144445201cb7fdaeaa0d674d041431

SHA256
a3d42fd017bfd4227679061b3b34ec35f9a13a13489d7f5d034d15b0eb6b766a

SHA512
8b5d0a22a1271465a100b461158f228702b6409e4b787bdfa7475035e56b0edcf9f9e826011dbc20b47c9a11b13a8a5d58dec0509b5ec79ca891bf31a06d1c25

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8467.exe

Filesize
184KB

MD5
3b0fa5ea41c1f88f76533f2edb7cd637

SHA1
4b3f20171490c4cedad0b2ae3e056d5e5c4a51f2

SHA256
59182c437c1b40f835093624ea54f0922fa793ebd0a4f614ce75f32df73f3610

SHA512
4ecf8b08f895170751a4b3a8115c890f95d987dd4bc1df0aaa5bb0e2fd011478109b7acff7735eacaca8d798c644c306add6f81db51d45060eef4df2beacd610

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads