ed55753f8f0a7b8acf0d054217f025b556a86b5839f60da1d1f562c5405e023e

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 11:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b03ab800843f81b702157f92dbfe8f30_NeikiAnalytics.exe
Size

184KB
MD5

b03ab800843f81b702157f92dbfe8f30
SHA1

46b67b07ee9431ef25487daea0505f85e12bfb40
SHA256

ed55753f8f0a7b8acf0d054217f025b556a86b5839f60da1d1f562c5405e023e
SHA512

b9c2e02a5edd198986d25ebbae6c2021273cf3ef94560551baada181b6f21458ff9b6169fd89ec38b2555e13d87705778f2689a9eace3c11ee465f0f67626776
SSDEEP

1536:mBZq6LZ5u3D8o5xOtbhgrDwMDo9yvZc8AmddjwLR2VQgPteyl5hj5nizpAe:qvm3D8ofAbhodDeWemwLRtWeylnViFP

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1972	Unicorn-22273.exe
2532	Unicorn-17250.exe
2644	Unicorn-50669.exe
2664	Unicorn-8370.exe
2408	Unicorn-61463.exe
2148	Unicorn-41597.exe
2432	Unicorn-28442.exe
776	Unicorn-12620.exe
2820	Unicorn-49932.exe
2620	Unicorn-48308.exe
240	Unicorn-57545.exe
2008	Unicorn-6022.exe
2888	Unicorn-55031.exe
2196	Unicorn-42779.exe
1960	Unicorn-18829.exe
692	Unicorn-34611.exe
608	Unicorn-14745.exe
3068	Unicorn-20064.exe
3036	Unicorn-39930.exe
2776	Unicorn-11896.exe
1184	Unicorn-27678.exe
1676	Unicorn-3728.exe
960	Unicorn-60350.exe
1708	Unicorn-52182.exe
1844	Unicorn-47906.exe
1924	Unicorn-19872.exe
1644	Unicorn-39738.exe
2476	Unicorn-57657.exe
1796	Unicorn-41129.exe
2512	Unicorn-651.exe
2604	Unicorn-40060.exe
2692	Unicorn-53189.exe
2388	Unicorn-7750.exe
2404	Unicorn-32769.exe
2304	Unicorn-11279.exe
2852	Unicorn-459.exe
2084	Unicorn-459.exe
2444	Unicorn-20325.exe
780	Unicorn-44507.exe
2628	Unicorn-64372.exe
1580	Unicorn-20600.exe
1576	Unicorn-62187.exe
1572	Unicorn-16516.exe
2804	Unicorn-4538.exe
2480	Unicorn-46126.exe
2228	Unicorn-29597.exe
1088	Unicorn-53547.exe
1012	Unicorn-61715.exe
528	Unicorn-29043.exe
1464	Unicorn-53355.exe
1176	Unicorn-33489.exe
916	Unicorn-25321.exe
804	Unicorn-40911.exe
3012	Unicorn-32743.exe
1976	Unicorn-32743.exe
572	Unicorn-24575.exe
2056	Unicorn-4709.exe
1536	Unicorn-1969.exe
2796	Unicorn-17751.exe
2600	Unicorn-13666.exe
2588	Unicorn-51170.exe
1040	Unicorn-5498.exe
2660	Unicorn-47086.exe
1516	Unicorn-25919.exe

Loads dropped DLL 64 IoCs

pid	Process
1892	b03ab800843f81b702157f92dbfe8f30_NeikiAnalytics.exe
1892	b03ab800843f81b702157f92dbfe8f30_NeikiAnalytics.exe
1972	Unicorn-22273.exe
1972	Unicorn-22273.exe
1892	b03ab800843f81b702157f92dbfe8f30_NeikiAnalytics.exe
1892	b03ab800843f81b702157f92dbfe8f30_NeikiAnalytics.exe
2532	Unicorn-17250.exe
2532	Unicorn-17250.exe
2644	Unicorn-50669.exe
2644	Unicorn-50669.exe
1972	Unicorn-22273.exe
1972	Unicorn-22273.exe
2936	WerFault.exe
2936	WerFault.exe
2936	WerFault.exe
2936	WerFault.exe
2936	WerFault.exe
2408	Unicorn-61463.exe
2644	Unicorn-50669.exe
2408	Unicorn-61463.exe
2644	Unicorn-50669.exe
2664	Unicorn-8370.exe
2532	Unicorn-17250.exe
2532	Unicorn-17250.exe
2148	Unicorn-41597.exe
2664	Unicorn-8370.exe
2148	Unicorn-41597.exe
2176	WerFault.exe
2176	WerFault.exe
2176	WerFault.exe
2176	WerFault.exe
1260	WerFault.exe
1260	WerFault.exe
1260	WerFault.exe
1260	WerFault.exe
2176	WerFault.exe
1260	WerFault.exe
2432	Unicorn-28442.exe
2432	Unicorn-28442.exe
2820	Unicorn-49932.exe
2820	Unicorn-49932.exe
240	Unicorn-57545.exe
240	Unicorn-57545.exe
2664	Unicorn-8370.exe
2664	Unicorn-8370.exe
2408	Unicorn-61463.exe
776	Unicorn-12620.exe
2408	Unicorn-61463.exe
776	Unicorn-12620.exe
1784	WerFault.exe
1784	WerFault.exe
1784	WerFault.exe
1784	WerFault.exe
2704	WerFault.exe
2704	WerFault.exe
2704	WerFault.exe
2704	WerFault.exe
1784	WerFault.exe
2704	WerFault.exe
1480	WerFault.exe
1480	WerFault.exe
1480	WerFault.exe
1480	WerFault.exe
1480	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2936	1972	WerFault.exe	29
2176	2532	WerFault.exe	30
1260	2644	WerFault.exe	31
1784	2408	WerFault.exe	33
2704	2664	WerFault.exe	32
1480	2148	WerFault.exe	34
2736	2432	WerFault.exe	37
1732	2820	WerFault.exe	39
2468	2620	WerFault.exe	38
1508	240	WerFault.exe	40
2908	776	WerFault.exe	36
860	2008	WerFault.exe	43
2168	2888	WerFault.exe	44
1684	1960	WerFault.exe	46
1956	2196	WerFault.exe	45
2224	608	WerFault.exe	47
1840	692	WerFault.exe	48
2832	3068	WerFault.exe	53
2000	3036	WerFault.exe	52
1744	1676	WerFault.exe	56
2212	1708	WerFault.exe	58
2728	1844	WerFault.exe	59
2952	960	WerFault.exe	57
2944	1644	WerFault.exe	61
656	1924	WerFault.exe	60
2400	2476	WerFault.exe	67
2412	1796	WerFault.exe	68
2464	2512	WerFault.exe	69
1512	2692	WerFault.exe	71
1468	2604	WerFault.exe	70
1608	2852	WerFault.exe	77
2992	2084	WerFault.exe	76
832	2404	WerFault.exe	73
1648	2304	WerFault.exe	74
1668	780	WerFault.exe	79
2640	2388	WerFault.exe	72
1128	2444	WerFault.exe	75
800	2628	WerFault.exe	78
1932	1576	WerFault.exe	81
1368	1572	WerFault.exe	82
3076	1580	WerFault.exe	80
3812	2804	WerFault.exe	86
3964	2228	WerFault.exe	92
4092	1012	WerFault.exe	94
3204	2588	WerFault.exe	106
3244	2600	WerFault.exe	105
3304	1088	WerFault.exe	91
3316	528	WerFault.exe	93
3452	292	WerFault.exe	112
3400	3012	WerFault.exe	100
3644	1976	WerFault.exe	99
3768	572	WerFault.exe	101
3836	1464	WerFault.exe	95
3328	2056	WerFault.exe	102
3180	812	WerFault.exe	110
3464	804	WerFault.exe	98
4252	1444	WerFault.exe	113
4264	916	WerFault.exe	97
4472	576	WerFault.exe	119
4504	1636	WerFault.exe	133
4536	2524	WerFault.exe	145
4560	1736	WerFault.exe	149
4552	2232	WerFault.exe	137
4572	1132	WerFault.exe	120

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1892	b03ab800843f81b702157f92dbfe8f30_NeikiAnalytics.exe
1972	Unicorn-22273.exe
2532	Unicorn-17250.exe
2644	Unicorn-50669.exe
2664	Unicorn-8370.exe
2408	Unicorn-61463.exe
2148	Unicorn-41597.exe
2432	Unicorn-28442.exe
2820	Unicorn-49932.exe
2620	Unicorn-48308.exe
240	Unicorn-57545.exe
776	Unicorn-12620.exe
2008	Unicorn-6022.exe
2888	Unicorn-55031.exe
1960	Unicorn-18829.exe
692	Unicorn-34611.exe
2196	Unicorn-42779.exe
608	Unicorn-14745.exe
3068	Unicorn-20064.exe
3036	Unicorn-39930.exe
2776	Unicorn-11896.exe
1184	Unicorn-27678.exe
1676	Unicorn-3728.exe
960	Unicorn-60350.exe
1844	Unicorn-47906.exe
1708	Unicorn-52182.exe
1644	Unicorn-39738.exe
1924	Unicorn-19872.exe
2476	Unicorn-57657.exe
1796	Unicorn-41129.exe
2512	Unicorn-651.exe
2604	Unicorn-40060.exe
2692	Unicorn-53189.exe
2388	Unicorn-7750.exe
2404	Unicorn-32769.exe
2304	Unicorn-11279.exe
2852	Unicorn-459.exe
2084	Unicorn-459.exe
2444	Unicorn-20325.exe
2628	Unicorn-64372.exe
780	Unicorn-44507.exe
1576	Unicorn-62187.exe
1580	Unicorn-20600.exe
1572	Unicorn-16516.exe
2804	Unicorn-4538.exe
2228	Unicorn-29597.exe
2480	Unicorn-46126.exe
1012	Unicorn-61715.exe
1088	Unicorn-53547.exe
528	Unicorn-29043.exe
916	Unicorn-25321.exe
1176	Unicorn-33489.exe
1464	Unicorn-53355.exe
804	Unicorn-40911.exe
3012	Unicorn-32743.exe
1976	Unicorn-32743.exe
572	Unicorn-24575.exe
2056	Unicorn-4709.exe
1536	Unicorn-1969.exe
2796	Unicorn-17751.exe
2600	Unicorn-13666.exe
2588	Unicorn-51170.exe
1040	Unicorn-5498.exe
2660	Unicorn-47086.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1892 wrote to memory of 1972	1892	b03ab800843f81b702157f92dbfe8f30_NeikiAnalytics.exe	29
PID 1892 wrote to memory of 1972	1892	b03ab800843f81b702157f92dbfe8f30_NeikiAnalytics.exe	29
PID 1892 wrote to memory of 1972	1892	b03ab800843f81b702157f92dbfe8f30_NeikiAnalytics.exe	29
PID 1892 wrote to memory of 1972	1892	b03ab800843f81b702157f92dbfe8f30_NeikiAnalytics.exe	29
PID 1972 wrote to memory of 2532	1972	Unicorn-22273.exe	30
PID 1972 wrote to memory of 2532	1972	Unicorn-22273.exe	30
PID 1972 wrote to memory of 2532	1972	Unicorn-22273.exe	30
PID 1972 wrote to memory of 2532	1972	Unicorn-22273.exe	30
PID 1892 wrote to memory of 2644	1892	b03ab800843f81b702157f92dbfe8f30_NeikiAnalytics.exe	31
PID 1892 wrote to memory of 2644	1892	b03ab800843f81b702157f92dbfe8f30_NeikiAnalytics.exe	31
PID 1892 wrote to memory of 2644	1892	b03ab800843f81b702157f92dbfe8f30_NeikiAnalytics.exe	31
PID 1892 wrote to memory of 2644	1892	b03ab800843f81b702157f92dbfe8f30_NeikiAnalytics.exe	31
PID 2532 wrote to memory of 2664	2532	Unicorn-17250.exe	32
PID 2532 wrote to memory of 2664	2532	Unicorn-17250.exe	32
PID 2532 wrote to memory of 2664	2532	Unicorn-17250.exe	32
PID 2532 wrote to memory of 2664	2532	Unicorn-17250.exe	32
PID 2644 wrote to memory of 2408	2644	Unicorn-50669.exe	33
PID 2644 wrote to memory of 2408	2644	Unicorn-50669.exe	33
PID 2644 wrote to memory of 2408	2644	Unicorn-50669.exe	33
PID 2644 wrote to memory of 2408	2644	Unicorn-50669.exe	33
PID 1972 wrote to memory of 2148	1972	Unicorn-22273.exe	34
PID 1972 wrote to memory of 2148	1972	Unicorn-22273.exe	34
PID 1972 wrote to memory of 2148	1972	Unicorn-22273.exe	34
PID 1972 wrote to memory of 2148	1972	Unicorn-22273.exe	34
PID 1972 wrote to memory of 2936	1972	Unicorn-22273.exe	35
PID 1972 wrote to memory of 2936	1972	Unicorn-22273.exe	35
PID 1972 wrote to memory of 2936	1972	Unicorn-22273.exe	35
PID 1972 wrote to memory of 2936	1972	Unicorn-22273.exe	35
PID 2408 wrote to memory of 776	2408	Unicorn-61463.exe	36
PID 2408 wrote to memory of 776	2408	Unicorn-61463.exe	36
PID 2408 wrote to memory of 776	2408	Unicorn-61463.exe	36
PID 2408 wrote to memory of 776	2408	Unicorn-61463.exe	36
PID 2644 wrote to memory of 2432	2644	Unicorn-50669.exe	37
PID 2644 wrote to memory of 2432	2644	Unicorn-50669.exe	37
PID 2644 wrote to memory of 2432	2644	Unicorn-50669.exe	37
PID 2644 wrote to memory of 2432	2644	Unicorn-50669.exe	37
PID 2532 wrote to memory of 2820	2532	Unicorn-17250.exe	39
PID 2532 wrote to memory of 2820	2532	Unicorn-17250.exe	39
PID 2532 wrote to memory of 2820	2532	Unicorn-17250.exe	39
PID 2532 wrote to memory of 2820	2532	Unicorn-17250.exe	39
PID 2664 wrote to memory of 2620	2664	Unicorn-8370.exe	38
PID 2664 wrote to memory of 2620	2664	Unicorn-8370.exe	38
PID 2664 wrote to memory of 2620	2664	Unicorn-8370.exe	38
PID 2664 wrote to memory of 2620	2664	Unicorn-8370.exe	38
PID 2148 wrote to memory of 240	2148	Unicorn-41597.exe	40
PID 2148 wrote to memory of 240	2148	Unicorn-41597.exe	40
PID 2148 wrote to memory of 240	2148	Unicorn-41597.exe	40
PID 2148 wrote to memory of 240	2148	Unicorn-41597.exe	40
PID 2532 wrote to memory of 2176	2532	Unicorn-17250.exe	41
PID 2532 wrote to memory of 2176	2532	Unicorn-17250.exe	41
PID 2532 wrote to memory of 2176	2532	Unicorn-17250.exe	41
PID 2532 wrote to memory of 2176	2532	Unicorn-17250.exe	41
PID 2644 wrote to memory of 1260	2644	Unicorn-50669.exe	42
PID 2644 wrote to memory of 1260	2644	Unicorn-50669.exe	42
PID 2644 wrote to memory of 1260	2644	Unicorn-50669.exe	42
PID 2644 wrote to memory of 1260	2644	Unicorn-50669.exe	42
PID 2432 wrote to memory of 2008	2432	Unicorn-28442.exe	43
PID 2432 wrote to memory of 2008	2432	Unicorn-28442.exe	43
PID 2432 wrote to memory of 2008	2432	Unicorn-28442.exe	43
PID 2432 wrote to memory of 2008	2432	Unicorn-28442.exe	43
PID 2820 wrote to memory of 2888	2820	Unicorn-49932.exe	44
PID 2820 wrote to memory of 2888	2820	Unicorn-49932.exe	44
PID 2820 wrote to memory of 2888	2820	Unicorn-49932.exe	44
PID 2820 wrote to memory of 2888	2820	Unicorn-49932.exe	44

C:\Users\Admin\AppData\Local\Temp\b03ab800843f81b702157f92dbfe8f30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b03ab800843f81b702157f92dbfe8f30_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1892
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22273.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22273.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17250.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17250.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8370.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48308.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11896.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40060.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53355.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53495.exe
        9⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
        10⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16143.exe
        11⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59721.exe
        12⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47234.exe
        13⤵
        
        PID:12708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 216
        12⤵
        
        PID:11152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
        11⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
        10⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 236
        9⤵
        Program crash
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3059.exe
        8⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
        9⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21742.exe
        10⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31135.exe
        11⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26774.exe
        12⤵
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16225.exe
        13⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 216
        12⤵
        
        PID:10308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        11⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 236
        10⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18020.exe
        9⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63423.exe
        10⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46618.exe
        11⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64465.exe
        12⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10576 -s 216
        12⤵
        
        PID:8176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 216
        11⤵
        
        PID:10492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
        10⤵
        
        PID:7620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
        9⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
        8⤵
        Program crash
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25321.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30818.exe
        8⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60532.exe
        9⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
        10⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10107.exe
        11⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49410.exe
        12⤵
        
        PID:10988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 216
        12⤵
        
        PID:12088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 216
        11⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 236
        10⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 236
        9⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20246.exe
        8⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30953.exe
        9⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32884.exe
        10⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62539.exe
        11⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 216
        11⤵
        
        PID:11732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
        10⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 236
        9⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 220
        8⤵
        Program crash
        
        PID:4264
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 216
        6⤵
        Program crash
        
        PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18829.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60350.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64372.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5498.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37917.exe
        9⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17397.exe
        10⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8773.exe
        11⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58483.exe
        12⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39779.exe
        13⤵
        
        PID:12872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9116 -s 236
        13⤵
        
        PID:12324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 216
        12⤵
        
        PID:10124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
        11⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 216
        10⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20246.exe
        9⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
        10⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22360.exe
        11⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49410.exe
        12⤵
        
        PID:11016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8160 -s 216
        12⤵
        
        PID:12192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
        11⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
        10⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 220
        9⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1715.exe
        8⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61684.exe
        9⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57294.exe
        10⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22334.exe
        11⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14179.exe
        12⤵
        
        PID:11752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8296 -s 216
        12⤵
        
        PID:12712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 216
        11⤵
        
        PID:9772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
        10⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 236
        9⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
        8⤵
        Program crash
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47086.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17497.exe
        8⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48088.exe
        9⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3215.exe
        10⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
        11⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15554.exe
        12⤵
        
        PID:11428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 216
        12⤵
        
        PID:4188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 220
        11⤵
        
        PID:8624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 236
        10⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 216
        9⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9146.exe
        8⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14891.exe
        9⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13506.exe
        10⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32249.exe
        11⤵
        
        PID:11932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 220
        11⤵
        
        PID:12360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
        10⤵
        
        PID:9408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
        9⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
        8⤵
        
        PID:4152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 240
        7⤵
        Program crash
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44507.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24575.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18841.exe
        8⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12675.exe
        9⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51181.exe
        10⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50948.exe
        11⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49410.exe
        12⤵
        
        PID:10996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 216
        12⤵
        
        PID:12076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
        11⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
        10⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 236
        9⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 236
        8⤵
        Program crash
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60236.exe
        7⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20844.exe
        8⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2722.exe
        9⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47523.exe
        10⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        11⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63806.exe
        12⤵
        
        PID:12824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12284 -s 216
        12⤵
        
        PID:8784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 216
        11⤵
        
        PID:12504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
        10⤵
        
        PID:9508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        9⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 236
        8⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 240
        7⤵
        Program crash
        
        PID:1668
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 220
        6⤵
        Program crash
        
        PID:1684
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49932.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55031.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27678.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53189.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61715.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31010.exe
        9⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39536.exe
        10⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45623.exe
        11⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41446.exe
        12⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5966.exe
        13⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43334.exe
        14⤵
        
        PID:12932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9280 -s 216
        14⤵
        
        PID:12664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
        13⤵
        
        PID:10320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 220
        12⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 236
        11⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
        10⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14782.exe
        11⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54539.exe
        12⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24382.exe
        13⤵
        
        PID:11656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 216
        13⤵
        
        PID:12312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
        12⤵
        
        PID:9384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
        11⤵
        
        PID:6780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
        10⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11310.exe
        9⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-169.exe
        10⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33553.exe
        11⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
        12⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        13⤵
        
        PID:13188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10092 -s 236
        13⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 236
        12⤵
        
        PID:11212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
        11⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 236
        10⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 240
        9⤵
        Program crash
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64429.exe
        8⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23008.exe
        9⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12950.exe
        10⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37554.exe
        11⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42147.exe
        12⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5762.exe
        13⤵
        
        PID:12804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8996 -s 216
        13⤵
        
        PID:12300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
        12⤵
        
        PID:10112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
        11⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
        10⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38201.exe
        9⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8773.exe
        10⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58483.exe
        11⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9654.exe
        12⤵
        
        PID:12832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8224 -s 216
        12⤵
        
        PID:12384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
        11⤵
        
        PID:10164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
        10⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
        9⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
        8⤵
        Program crash
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33489.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43345.exe
        8⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23584.exe
        9⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58306.exe
        10⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43771.exe
        11⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29981.exe
        12⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50550.exe
        13⤵
        
        PID:8256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 216
        12⤵
        
        PID:10976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
        11⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
        10⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58861.exe
        9⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22967.exe
        10⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6628.exe
        11⤵
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51510.exe
        12⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 216
        11⤵
        
        PID:11144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
        10⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
        9⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52919.exe
        8⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2722.exe
        9⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21675.exe
        10⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5113.exe
        11⤵
        
        PID:11744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 220
        11⤵
        
        PID:12332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
        10⤵
        
        PID:9452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
        9⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1176 -s 240
        8⤵
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7750.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17751.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51238.exe
        8⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11331.exe
        9⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35229.exe
        10⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1280.exe
        11⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32799.exe
        12⤵
        
        PID:10432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 216
        12⤵
        
        PID:11696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
        11⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 236
        10⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 236
        9⤵
        Program crash
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36390.exe
        8⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47839.exe
        9⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27103.exe
        10⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9088.exe
        11⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 216
        11⤵
        
        PID:12376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 216
        10⤵
        
        PID:9524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
        9⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
        8⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 236
        7⤵
        Program crash
        
        PID:2640
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 240
        6⤵
        Program crash
        
        PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3728.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32769.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32743.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31093.exe
        8⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28820.exe
        9⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9297.exe
        10⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56215.exe
        11⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
        12⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59486.exe
        13⤵
        
        PID:12792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 216
        12⤵
        
        PID:10712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
        11⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
        10⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1492.exe
        9⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14990.exe
        10⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62653.exe
        11⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30833.exe
        12⤵
        
        PID:7364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10744 -s 236
        12⤵
        
        PID:12968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 216
        11⤵
        
        PID:10892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
        10⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
        9⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-786.exe
        8⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        9⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6630.exe
        10⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2544.exe
        11⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18729.exe
        12⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 216
        11⤵
        
        PID:11140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
        10⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 236
        9⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 220
        8⤵
        Program crash
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3059.exe
        7⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15415.exe
        8⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47481.exe
        9⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9339.exe
        10⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49711.exe
        11⤵
        
        PID:10684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 216
        11⤵
        
        PID:11824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
        10⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
        9⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 216
        8⤵
        Program crash
        
        PID:4560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
        7⤵
        Program crash
        
        PID:832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4709.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35177.exe
        7⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20652.exe
        8⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16314.exe
        9⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29936.exe
        10⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54594.exe
        11⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2545.exe
        12⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10288 -s 236
        12⤵
        
        PID:8768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
        11⤵
        
        PID:10424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 236
        10⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 236
        9⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45649.exe
        8⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59640.exe
        9⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58294.exe
        10⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51637.exe
        11⤵
        
        PID:12940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10388 -s 216
        11⤵
        
        PID:8844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 216
        10⤵
        
        PID:11228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 236
        9⤵
        
        PID:8044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 240
        8⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-786.exe
        7⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10257.exe
        8⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65151.exe
        9⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26857.exe
        10⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55485.exe
        11⤵
        
        PID:7952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 216
        10⤵
        
        PID:11252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
        9⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
        8⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
        7⤵
        Program crash
        
        PID:3328
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
        6⤵
        Program crash
        
        PID:1744
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
        5⤵
        Program crash
        
        PID:1732
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41597.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41597.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57545.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42779.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47906.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20325.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13666.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39898.exe
        9⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8866.exe
        10⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51648.exe
        11⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1254.exe
        12⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32249.exe
        13⤵
        
        PID:11920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 216
        13⤵
        
        PID:12368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
        12⤵
        
        PID:9460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 236
        11⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 236
        10⤵
        
        PID:4672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 216
        9⤵
        Program crash
        
        PID:3244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 236
        8⤵
        Program crash
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51170.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59598.exe
        8⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6671.exe
        9⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53599.exe
        10⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61290.exe
        11⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7855.exe
        12⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20864.exe
        13⤵
        
        PID:12656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9020 -s 216
        13⤵
        
        PID:13168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 216
        12⤵
        
        PID:10220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        11⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 236
        10⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17252.exe
        9⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1923.exe
        10⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57671.exe
        11⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
        12⤵
        
        PID:12668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9796 -s 236
        12⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
        11⤵
        
        PID:10800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 236
        10⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
        9⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48259.exe
        8⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45623.exe
        9⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31420.exe
        10⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42287.exe
        11⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32249.exe
        12⤵
        
        PID:11940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 220
        12⤵
        
        PID:12352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
        11⤵
        
        PID:9392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
        10⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
        9⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
        8⤵
        Program crash
        
        PID:3204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 240
        7⤵
        Program crash
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-459.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
        7⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48965.exe
        8⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62343.exe
        9⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61207.exe
        10⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47305.exe
        11⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39618.exe
        12⤵
        
        PID:772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8612 -s 236
        12⤵
        
        PID:13068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 236
        11⤵
        
        PID:10036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
        10⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 236
        9⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21865.exe
        8⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65483.exe
        9⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2873.exe
        10⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1543.exe
        11⤵
        
        PID:11644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8444 -s 220
        11⤵
        
        PID:12728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 236
        10⤵
        
        PID:9860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
        9⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
        8⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 236
        7⤵
        Program crash
        
        PID:2992
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
        6⤵
        Program crash
        
        PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19872.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16516.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21643.exe
        7⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43791.exe
        8⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21057.exe
        9⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32946.exe
        10⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60572.exe
        11⤵
        
        PID:11124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 236
        11⤵
        
        PID:11376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
        10⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 236
        9⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 236
        8⤵
        Program crash
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54808.exe
        7⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
        8⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36464.exe
        9⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2406.exe
        10⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62181.exe
        11⤵
        
        PID:12020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 216
        11⤵
        
        PID:12404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
        10⤵
        
        PID:9588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
        9⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 216
        8⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 240
        7⤵
        Program crash
        
        PID:1368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63230.exe
        6⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9136.exe
        7⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
        8⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2255.exe
        9⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9915.exe
        10⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37817.exe
        11⤵
        
        PID:11180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7564 -s 216
        11⤵
        
        PID:12148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
        10⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 236
        9⤵
        
        PID:6604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 236
        8⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62431.exe
        7⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28980.exe
        8⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        9⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37776.exe
        10⤵
        
        PID:12576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8988 -s 216
        10⤵
        
        PID:13148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
        8⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 240
        7⤵
        
        PID:4032
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
        6⤵
        Program crash
        
        PID:656
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 240
        5⤵
        Program crash
        
        PID:1508
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:1480
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2936
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50669.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50669.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61463.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61463.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12620.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34611.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39738.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20600.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17559.exe
        8⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
        9⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64424.exe
        10⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2255.exe
        11⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5639.exe
        12⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2404.exe
        13⤵
        
        PID:10412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 216
        13⤵
        
        PID:12236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
        12⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
        11⤵
        
        PID:6596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 236
        10⤵
        
        PID:4612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 236
        9⤵
        Program crash
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
        8⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45348.exe
        9⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42354.exe
        10⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2079.exe
        11⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54018.exe
        12⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2820.exe
        13⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10404 -s 236
        13⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 216
        12⤵
        
        PID:11208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
        11⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
        10⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42908.exe
        9⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10439.exe
        10⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41958.exe
        11⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2820.exe
        12⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10348 -s 216
        12⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 216
        11⤵
        
        PID:1196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
        10⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 240
        9⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
        8⤵
        Program crash
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59146.exe
        7⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
        8⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61684.exe
        9⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46521.exe
        10⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29521.exe
        11⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15695.exe
        12⤵
        
        PID:11256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 216
        12⤵
        
        PID:11628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
        11⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 236
        10⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 236
        9⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37734.exe
        8⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30953.exe
        9⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33844.exe
        10⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20246.exe
        11⤵
        
        PID:10656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 216
        11⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
        10⤵
        
        PID:9196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
        9⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 240
        8⤵
        Program crash
        
        PID:4252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
        7⤵
        Program crash
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62187.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25919.exe
        7⤵
        Executes dropped EXE
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54253.exe
        8⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48280.exe
        9⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43205.exe
        10⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
        11⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52726.exe
        12⤵
        
        PID:10740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 216
        12⤵
        
        PID:11816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 216
        11⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 236
        10⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 236
        9⤵
        Program crash
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7802.exe
        8⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35696.exe
        9⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46755.exe
        10⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19255.exe
        11⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 216
        11⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
        10⤵
        
        PID:9236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 236
        9⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
        8⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34387.exe
        7⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20652.exe
        8⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54222.exe
        9⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64383.exe
        10⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26089.exe
        11⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39258.exe
        12⤵
        
        PID:6428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6816 -s 216
        11⤵
        
        PID:10788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
        10⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 236
        9⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54777.exe
        8⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31519.exe
        9⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29981.exe
        10⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63806.exe
        11⤵
        
        PID:12840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10720 -s 216
        11⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 216
        10⤵
        
        PID:10924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
        9⤵
        
        PID:8168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
        8⤵
        
        PID:5284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 240
        7⤵
        Program crash
        
        PID:1932
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 240
        6⤵
        Program crash
        
        PID:1840
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 236
        5⤵
        Program crash
        
        PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14745.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52182.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11279.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32743.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60319.exe
        8⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21119.exe
        9⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8067.exe
        10⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6682.exe
        11⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 216
        11⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 236
        10⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 236
        9⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 216
        8⤵
        Program crash
        
        PID:3400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
        7⤵
        Program crash
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1969.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14564.exe
        7⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16760.exe
        8⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62665.exe
        9⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62001.exe
        10⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11418.exe
        11⤵
        
        PID:9768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 216
        11⤵
        
        PID:11636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
        10⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 236
        9⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 236
        8⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45903.exe
        7⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31119.exe
        8⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47331.exe
        9⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25233.exe
        10⤵
        
        PID:12112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7700 -s 216
        10⤵
        
        PID:12480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 216
        9⤵
        
        PID:9580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
        8⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
        7⤵
        
        PID:4296
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
        6⤵
        Program crash
        
        PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-459.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40911.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57579.exe
        7⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        8⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57258.exe
        9⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23240.exe
        10⤵
        
        PID:11168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 216
        10⤵
        
        PID:11392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 236
        9⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
        8⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 216
        7⤵
        Program crash
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3059.exe
        6⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
        7⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30844.exe
        8⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22168.exe
        9⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22888.exe
        9⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63188.exe
        10⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8244 -s 216
        10⤵
        
        PID:12720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 220
        9⤵
        
        PID:9760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
        8⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 216
        7⤵
        
        PID:4648
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
        6⤵
        Program crash
        
        PID:1608
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 220
        5⤵
        Program crash
        
        PID:2224
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28442.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28442.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6022.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39930.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41129.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53547.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30818.exe
        8⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48472.exe
        9⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33610.exe
        10⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24311.exe
        11⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55253.exe
        12⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51640.exe
        13⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 216
        12⤵
        
        PID:10416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 216
        11⤵
        
        PID:8328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
        10⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31424.exe
        9⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51638.exe
        10⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22773.exe
        11⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2820.exe
        12⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10944 -s 216
        12⤵
        
        PID:8412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 216
        11⤵
        
        PID:11188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
        10⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
        9⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16354.exe
        8⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29095.exe
        9⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20834.exe
        10⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63335.exe
        11⤵
        
        PID:9296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2109.exe
        12⤵
        
        PID:12992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9296 -s 216
        12⤵
        
        PID:12776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
        11⤵
        
        PID:10336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
        10⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 236
        9⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 220
        8⤵
        Program crash
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56069.exe
        7⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56448.exe
        8⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38820.exe
        9⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29568.exe
        10⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33650.exe
        11⤵
        
        PID:10764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8072 -s 216
        11⤵
        
        PID:11808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
        10⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 236
        9⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 216
        8⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
        7⤵
        Program crash
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29597.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54590.exe
        7⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63957.exe
        8⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60999.exe
        9⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59707.exe
        10⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43055.exe
        11⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25965.exe
        12⤵
        
        PID:11756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 216
        12⤵
        
        PID:12608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 220
        11⤵
        
        PID:9652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
        10⤵
        
        PID:6792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 236
        9⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16437.exe
        8⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18867.exe
        9⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18743.exe
        10⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5736.exe
        11⤵
        
        PID:11576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 216
        11⤵
        
        PID:12512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
        10⤵
        
        PID:9560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
        9⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 240
        8⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40007.exe
        7⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29479.exe
        8⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58166.exe
        9⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50507.exe
        10⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6146.exe
        11⤵
        
        PID:12760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8504 -s 216
        11⤵
        
        PID:13296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
        10⤵
        
        PID:9696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
        9⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 236
        8⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 240
        7⤵
        Program crash
        
        PID:3964
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
        6⤵
        Program crash
        
        PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-651.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29043.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        7⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14647.exe
        8⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        9⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38820.exe
        10⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        11⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
        12⤵
        
        PID:11112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7764 -s 216
        12⤵
        
        PID:11856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
        11⤵
        
        PID:8592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
        10⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 236
        9⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29649.exe
        8⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61866.exe
        9⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38639.exe
        10⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18446.exe
        11⤵
        
        PID:12960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9352 -s 216
        11⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
        10⤵
        
        PID:10328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        9⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
        8⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39706.exe
        7⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16843.exe
        8⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61866.exe
        9⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30279.exe
        10⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23682.exe
        11⤵
        
        PID:13044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9428 -s 216
        11⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 216
        10⤵
        
        PID:10464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 236
        9⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
        8⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 240
        7⤵
        Program crash
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42747.exe
        6⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
        7⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55182.exe
        8⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56874.exe
        9⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60681.exe
        10⤵
        
        PID:11048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39110.exe
        11⤵
        
        PID:12888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11048 -s 236
        11⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 216
        10⤵
        
        PID:11120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 236
        9⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
        8⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 236
        7⤵
        Program crash
        
        PID:4504
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
        6⤵
        Program crash
        
        PID:2464
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
        5⤵
        Program crash
        
        PID:860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20064.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57657.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4538.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50698.exe
        7⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23117.exe
        8⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57491.exe
        9⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51565.exe
        10⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-211.exe
        11⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53027.exe
        12⤵
        
        PID:10472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 216
        12⤵
        
        PID:11720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 216
        11⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
        10⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 236
        9⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12929.exe
        8⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41944.exe
        9⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59116.exe
        10⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49410.exe
        11⤵
        
        PID:11004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
        11⤵
        
        PID:12068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
        10⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
        9⤵
        
        PID:6496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 240
        8⤵
        Program crash
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64704.exe
        7⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32603.exe
        8⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
        9⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9339.exe
        10⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63836.exe
        11⤵
        
        PID:10360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 216
        11⤵
        
        PID:11464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
        10⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
        9⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 216
        8⤵
        
        PID:4212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
        7⤵
        Program crash
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26748.exe
        6⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19033.exe
        7⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-890.exe
        8⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40870.exe
        9⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50149.exe
        10⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29525.exe
        11⤵
        
        PID:12452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 216
        11⤵
        
        PID:13132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 236
        10⤵
        
        PID:10148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
        9⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 236
        8⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34309.exe
        7⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30844.exe
        8⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29568.exe
        9⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52726.exe
        10⤵
        
        PID:10616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 216
        10⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
        9⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
        8⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 240
        7⤵
        Program crash
        
        PID:4572
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
        6⤵
        Program crash
        
        PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46126.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26734.exe
        6⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29012.exe
        7⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30844.exe
        8⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26444.exe
        9⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49410.exe
        10⤵
        
        PID:10980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 216
        10⤵
        
        PID:12060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
        9⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
        8⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 236
        7⤵
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58347.exe
        6⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        7⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22168.exe
        8⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21398.exe
        9⤵
        
        PID:10848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 216
        9⤵
        
        PID:11840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
        8⤵
        
        PID:9032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
        7⤵
        
        PID:6748
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
        6⤵
        
        PID:4960
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 240
        5⤵
        Program crash
        
        PID:2832
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
      4⤵
      Program crash
      PID:2736
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10439.exe

Filesize
184KB

MD5
aacc61536c73d057b4522a2d176ac753

SHA1
6121bc7f4d1405ccd7d6bb52df548a7f46ca4ab5

SHA256
8b739ac0f1689f17becfcd3c279dec11f6221fd430476c9cabb6a3ddd04751e1

SHA512
02169825f47691e5bba0501c31f99d04d8f3f19a736aff535867e57a75bf1a3427d521f293ddbebc8bcfc4cd888fd3e46f54ea084b9752f275910b3902a1c604

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14179.exe

Filesize
184KB

MD5
4cd63d09ea97a8dbabc9830ffa846004

SHA1
e6633879b3d94a66e7952748a15caf8077b4327b

SHA256
3dbda5adf5eceeb0de8f7f7bc37428d217f27fe1b262618cb78e6f79475f7d25

SHA512
6496c5aded944259e80d8281f19cc95c6563bf17bf8441094b90704fb525afe5947dd2e83614d4d8ce35b437eb36ef26a0e3b3ea045d0396980e636bc41a9036

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14782.exe

Filesize
184KB

MD5
16531b4799359a3e701b11bbe75d0cbb

SHA1
2dd2c41e762876d83f8b39258e30b7efc227313e

SHA256
a6cd81234aa818cde4eda151b2a4404ee0344ede874c95dc6073d7837c804260

SHA512
3b4906389a6bfa9cca66238e6556bc8d5d4ca2b7afa4ca3de65bd50f4c0d46ffa3e253175f87f6166f0facbfdee9a0798f53d2408e1876473b5c8654d315a14f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14891.exe

Filesize
184KB

MD5
99788980e1baf1fa31946b5b3cf1c2e0

SHA1
1b7d459cd2e8b775e4b4fa09a571908389589e30

SHA256
9784a2a1239bf008009e5c614a422b3c3b7a9cac8a1c8aefc5a60cd64f3a366a

SHA512
001be32f47fda4353fa5bb27bc389e5b127e345954622e9d7378c74cd55038d5948fb03de6a77a72450b15d5de25eadab750410f403a9329e090ec030379dd00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17250.exe

Filesize
184KB

MD5
ee0be6995cd7696cb467503cc0ea5518

SHA1
8311325c4f6475ec95c58e2d951493a1be64c328

SHA256
52f793fc3e076248d74c7da76541797cbe3bd6b9dc0faecc118a6bf90e58d117

SHA512
e3a8819464d0c4bf77c2f4337bb60c90bbb6c6eeb71eb5beaaa1ae920dcd6e2e060db131c6fd05879420b787a7ab2f76cc1e313904d03bff7317e64daf99d031

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18729.exe

Filesize
184KB

MD5
016ce870460c109b0c2fe010e2ad4eb4

SHA1
91e65e8ad80cd39b6dbfb7ad53a044114a8846dd

SHA256
69c05aed50dc1a0677a645141c9f698b74be1f19fa64a8d4978ab9e615817f1d

SHA512
478eeab2830c7f4834bae9fe664f3eaf4290a4d0e8eeca8db2fda5f023258e1999570a10a46585de739fa7e3fc361a34bf0f46535afc908e4d2398075cfbad59

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22334.exe

Filesize
184KB

MD5
0e8832cee519fead397ee895bf41567d

SHA1
ba51a8a69f7135215ea905fff4a5de69dbb695da

SHA256
7670e9d19002bd4b977a46e33142ad4b37ab9816c3413ec65d6ed6c42efc46b7

SHA512
e418ec135c4d00e916b7db67d6fbefcc65f8daadedbb522a101f369f43231cfc1ef82ac51ca6013621c960554b202f0a3e4ee8999c909ddbba4440060b19c05d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2406.exe

Filesize
184KB

MD5
d3457dcb9600178ce55cc4890d705682

SHA1
8f99651be2e85130026350b2bdefe6f33e25ee54

SHA256
eefd3e5518f591236ebe9e1bf1221c9dde5a3478aee44bd71b8bbab9ce9dd576

SHA512
cea9e6382278c92e21dd444d4f4a7b54de9ff71552331e0b21da51854f5e53af24e11b67c39053e7ec85b1f477aaee9fddaf8df558424686294df40089925756

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39706.exe

Filesize
184KB

MD5
8556fa2bd537066b5580f30058ccb28e

SHA1
02a648942b985e46600cd9ae4579df60ea195616

SHA256
bc3d0fcc9eb808a5aa5b744a443bf534bff6af454682a205c85c896b104b5b55

SHA512
b1b463d2169c72fbfed3add29a4f0043d86b3be23647efc3966216530a0613fd3e55904865a5176110b0850311a194edb3301d320d1b84f780475532291dc2ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39898.exe

Filesize
184KB

MD5
54babc53e76bda576f0034e2b23af5ee

SHA1
606d95ad75d9cb250f0308a66303b03f1c1340f8

SHA256
039549a5accef0846a77aa229babeb1d5fd6eb15ae166c6599b801b9a32893b0

SHA512
21c9ce32d319325836f22c6e1cbda8719f0efb1ded33af186d74cdc566a65e023f347a9f7c9945ab5db0e390fe727c70e255c0417f022ec7d349c85a742bb27b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40007.exe

Filesize
184KB

MD5
6e08f5899203bb7ad07110db9ccf3888

SHA1
3738c617f0fd46a851b1048ce01898aeef38d692

SHA256
4bb399e915d34e27dab53048f676312cce1075c6c6a5c1cdaa78d814a45a958a

SHA512
9efbb5f5a8062e7a83f2f3f841c9a87f3ac3c7440cbc6917b96374421c94698f6017486e676d77dd6dc42ce3b32e06e64dee73db9ca280dee9c0f6448f48d20b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6671.exe

Filesize
184KB

MD5
bc07d7e1412f217c3d39b335ccd3c725

SHA1
1cd39e07703810a757045cddb09ec5b02567cfc6

SHA256
dd6a5af3e5b05c761cdd64fb9f7811fe540193e670f8503f9a6ddec7018c9846

SHA512
e0a296210d8f0e616403e6317fff66484591d5d8f38d15430760c1425d6e62535c61ac2428a289b0688dc06a6d84652c6cc1ecbffac8dcea3ed6196b74286a4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9915.exe

Filesize
184KB

MD5
cb20b41949c2aee1276a6e4d31bc8d0d

SHA1
28def19d5fc53f140f54a786efb9a5c5ac3d37df

SHA256
51c171e64a546fb81edd6358573ab4c86660e0a355961d4bf4ce88c926020944

SHA512
e1f1880b227182f7c5951589eb56a5bcbbab090b7aa6d449b389f56828c9624ab571ab7c288a052a3dd1d9fb30f958a9a0db9d5f1c5b302ac354ad704b2eeba8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12620.exe

Filesize
184KB

MD5
8bca38f24536e14c240742fdcc7da7ca

SHA1
a888acdb55e7d19e3e2386816ec70309569e62a7

SHA256
31b54a221c94dae8eda62afa7598aacea24ef95cd0b801d2d2936e6d7ad0eb0e

SHA512
46020819b1f2553d33fdd4476ee00e4c3e6dd724f11eaa3740b58520ff4aad559fc1d1b962228fbce1b1926d81abd3dd913ade36bcc8f48079eafbe494d84672

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22273.exe

Filesize
184KB

MD5
b04f00d71e9cde6335f4fbaca7215854

SHA1
33bdc0780b705a0486a5694e8e542ee294aa5f53

SHA256
c132e8c5d11654ed4e4f54a3b5d6773be48e4138e862f973d10810105b402116

SHA512
9a9f9a7ade2fc87b5ef3fab936c5afe7a58ccd02968dfd58b6695474860b3a7d22bf053beefeac6fe1e653e52ee050f6fddb08aa381f4e72b84c82fc68187bfd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28442.exe

Filesize
184KB

MD5
72b05eb3531e4cf1e5f6d0cbebdf834d

SHA1
83fcfc857c03247722e652987887a5daa9ffc617

SHA256
5eccf23feead51731785d2aff1439d811bacfbb458c89cff06b973e59451ac2a

SHA512
5c8cae6bb9f60ebacfc4742f4afe83e540ee7d12356a5820e5599b69e7a669005baa043aaa40c94ca8910667860bbf93ffb23a350530729c5e364f981ab6b9b3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41597.exe

Filesize
184KB

MD5
641b03553be9e0a85c486bc153bedc10

SHA1
016afb09b773d2f8046a5a8e168dcde879f73dfd

SHA256
5cdfd185e27df7b2c8f789efd9d404604ccf848d1d09a3d21cc4ee189225dd7a

SHA512
64d3a5ea87bebf09672615a154e0b11ac66b2b61ea127f9ac84914f55eeb8b2138e92f7031651b51388e557ddf3051c582fe11e2f60276db56491e992862db4d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48308.exe

Filesize
184KB

MD5
ef19d7a2f2b55cc51af5e0a31d9ee0a3

SHA1
9307c27f9e39933b10b497b85b9608931cdb5b49

SHA256
66881c938be83af7ac928d2f50c5df94f818bc686233083b811cf54d37b8e4c1

SHA512
06b23c9e6c62cb9998c1cdf342d31e0293f9ca18d82d096cf01cffbe0f79b51a25f0eb4fa79ab3b297b0a792e47e790d790d05f44699e31a32e1e95d1bf63cfc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49932.exe

Filesize
184KB

MD5
a1e7606e478be3c8083d92430170e378

SHA1
b6e37567ee68a292f51f851e30a351e4c7ab5ab2

SHA256
8cb181872e70e2bfbfb71170b92257d2ebaee42117a17b14c3de033eb5bc1596

SHA512
533798d186f66ba4d39039f0077d8c32b4db9b3e2cbab50dd48937dd45d0708413d8c7dd61e6883b4993f6d4bd780965e3109493e9dde61d04bba7bc9b8ceb93

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50669.exe

Filesize
184KB

MD5
faa89c2d5110ee14fa70fd413b7a556d

SHA1
2e162f0da8ef219c6764e1ad59bb27ff801174ed

SHA256
28f72d11153c8dc1303f25780ce0bfa8a6a35f99214431b0cbac35eb35699d03

SHA512
7bc05976288d67aae0da3f6e7a6c7be27f82da2559ddefca51e083ae3a7075f13244f33be6ea6eb750d09da54ca252eb243bc4c20076f00b0d862dafd091cde4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55031.exe

Filesize
184KB

MD5
fd2139045f34dde3b9f49cb39685de9b

SHA1
d2a817acbd8a396bad94cfd28ec856d0755f196b

SHA256
397356b8f9ea385eb485dbf94f52e63af0bfaeb9d91e4b2e5974701a322e5607

SHA512
216d603cbce6b93d88296d13a4cd844fa3138a27006a20b2ee64041bad916a20035eae2c24dfe861236367012e78ba0a84334404f9918771289a61a8264f18bf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57545.exe

Filesize
184KB

MD5
3e2c3439c9a72bb80cc44e18004fbf15

SHA1
d703f034a886e15d90976ada164737322dd54f18

SHA256
c2c37f333f4577d5d7ab81d3f160c436002bd68e50c0ff2bca5b37c35a730ae6

SHA512
831c8cf922ca41cf1fab603ae9349e272ddff2536280db1e99a0b28ea9fd9073a3b41e16fb31aa33584eccca9a934cd6da5577deceb9d552a906f8ccead8fc12

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6022.exe

Filesize
184KB

MD5
da2732a73ee0c1afe77f37f05fe86041

SHA1
fcbd8d17f789aa23ea3e70f839bdca89d0c3d8c9

SHA256
909385441de5891c31237bef9a1b69b9c931f1295c55200a78fd4bfc42256a6d

SHA512
5fc3e56a1e765f62f87f72493d5f324de31e578fc65f5fe9669d637a1ee46c6d0bca586aab85171b54d204f969ba651a02211c0ea375d2345b5d3ecfca03aa1f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61463.exe

Filesize
184KB

MD5
62f5a34228595e40f93306436f4d5ebd

SHA1
22a08cef55699cec68f2b20affc36a0ec9431247

SHA256
7cc69d552f352bd1b77156f403c9d254d88fc72aa03db553c4440093447fb497

SHA512
5beedf8e04bafe4efae95f9d69aae9e80ff19adad61ec9c888398634ea0497cc67d06a30293bbb82551b6ffc9a7124b155343e0ab57180ce338bc817cdfda6f7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8370.exe

Filesize
184KB

MD5
495c52ffc90fd44e7497f8c6eac2547d

SHA1
44c7ac432ff7050b9da74549e5d2838afa55d26e

SHA256
af098552730f37487b60d7847e4bfb41ca032344f7e987224bc5ad476af9c019

SHA512
5ce17dea95387399bf537e533f199c00f25b1894088f578b3edc21c6df9ffcd7497daf9413a4c34c97699136fd97e227b305f0c12b42a7576bce3a2480c86e78

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads