b48640d15887c2d5ffa8053bc7688548ba2e21ac689f7d3e259cd8463a088df1

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 01:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

87ab003a0ed5ef6d8e0fcbf0c1144f90_NeikiAnalytics.exe
Size

184KB
MD5

87ab003a0ed5ef6d8e0fcbf0c1144f90
SHA1

d4a272fb309980786abd4a802dfa39a945f02bdc
SHA256

b48640d15887c2d5ffa8053bc7688548ba2e21ac689f7d3e259cd8463a088df1
SHA512

a4836a61107376537a172f5f84698df3be6c3d587f58aeda8b1c3dc633d3278e99413a4324ee2011cf057fc1bd4d65e834115ff72e2ea0548e7223a7695f4b62
SSDEEP

1536:W7At6jZ4m3NxoVx1tJOAlawMP2Iyv1cl6md8S7LR2/zet8hl5hj5niApv2:AlJ3Nxob7JOTdPtWqr7LRIs8hlnVimu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2936	Unicorn-58374.exe
2564	Unicorn-2212.exe
2628	Unicorn-15787.exe
2764	Unicorn-25223.exe
2588	Unicorn-5165.exe
2088	Unicorn-45267.exe
1452	Unicorn-50057.exe
1128	Unicorn-14732.exe
1860	Unicorn-363.exe
2344	Unicorn-9066.exe
2328	Unicorn-50696.exe
2036	Unicorn-64079.exe
2644	Unicorn-18216.exe
2220	Unicorn-47058.exe
2460	Unicorn-1386.exe
948	Unicorn-42762.exe
1788	Unicorn-38163.exe
912	Unicorn-11049.exe
2024	Unicorn-56721.exe
788	Unicorn-41034.exe
2796	Unicorn-8745.exe
1468	Unicorn-25959.exe
2192	Unicorn-4147.exe
1048	Unicorn-22128.exe
1284	Unicorn-25959.exe
1900	Unicorn-1867.exe
572	Unicorn-17903.exe
2856	Unicorn-63574.exe
2700	Unicorn-48079.exe
1528	Unicorn-331.exe
2240	Unicorn-62038.exe
2944	Unicorn-33580.exe
2620	Unicorn-35151.exe
2204	Unicorn-55209.exe
2672	Unicorn-3055.exe
2080	Unicorn-53133.exe
2448	Unicorn-22921.exe
2120	Unicorn-22921.exe
2908	Unicorn-22729.exe
2440	Unicorn-18898.exe
2868	Unicorn-38764.exe
1360	Unicorn-42641.exe
1016	Unicorn-37492.exe
2336	Unicorn-58126.exe
2520	Unicorn-56242.exe
2052	Unicorn-9812.exe
2040	Unicorn-14218.exe
2232	Unicorn-32200.exe
1412	Unicorn-12334.exe
1724	Unicorn-62734.exe
1100	Unicorn-48453.exe
2928	Unicorn-43662.exe
352	Unicorn-37291.exe
1548	Unicorn-40005.exe
1272	Unicorn-40005.exe
760	Unicorn-35214.exe
1676	Unicorn-55080.exe
2124	Unicorn-7524.exe
908	Unicorn-7332.exe
2056	Unicorn-22984.exe
1500	Unicorn-40773.exe
1524	Unicorn-20907.exe
1720	Unicorn-36174.exe
2568	Unicorn-40581.exe

Loads dropped DLL 64 IoCs

pid	Process
2100	87ab003a0ed5ef6d8e0fcbf0c1144f90_NeikiAnalytics.exe
2100	87ab003a0ed5ef6d8e0fcbf0c1144f90_NeikiAnalytics.exe
2936	Unicorn-58374.exe
2936	Unicorn-58374.exe
2100	87ab003a0ed5ef6d8e0fcbf0c1144f90_NeikiAnalytics.exe
2100	87ab003a0ed5ef6d8e0fcbf0c1144f90_NeikiAnalytics.exe
2628	Unicorn-15787.exe
2628	Unicorn-15787.exe
2936	Unicorn-58374.exe
2936	Unicorn-58374.exe
2492	WerFault.exe
2492	WerFault.exe
2492	WerFault.exe
2492	WerFault.exe
2492	WerFault.exe
2564	Unicorn-2212.exe
2564	Unicorn-2212.exe
2764	Unicorn-25223.exe
2764	Unicorn-25223.exe
2628	Unicorn-15787.exe
2628	Unicorn-15787.exe
2588	Unicorn-5165.exe
2588	Unicorn-5165.exe
292	WerFault.exe
292	WerFault.exe
292	WerFault.exe
292	WerFault.exe
1224	WerFault.exe
1224	WerFault.exe
1224	WerFault.exe
1224	WerFault.exe
1224	WerFault.exe
292	WerFault.exe
2088	Unicorn-45267.exe
2088	Unicorn-45267.exe
1452	Unicorn-50057.exe
1452	Unicorn-50057.exe
2764	Unicorn-25223.exe
2764	Unicorn-25223.exe
1860	Unicorn-363.exe
1860	Unicorn-363.exe
2588	Unicorn-5165.exe
1128	Unicorn-14732.exe
2588	Unicorn-5165.exe
1128	Unicorn-14732.exe
488	WerFault.exe
488	WerFault.exe
488	WerFault.exe
488	WerFault.exe
488	WerFault.exe
1140	WerFault.exe
1140	WerFault.exe
1140	WerFault.exe
1140	WerFault.exe
1140	WerFault.exe
2344	Unicorn-9066.exe
2344	Unicorn-9066.exe
2088	Unicorn-45267.exe
2088	Unicorn-45267.exe
1452	Unicorn-50057.exe
2328	Unicorn-50696.exe
2328	Unicorn-50696.exe
1452	Unicorn-50057.exe
2036	Unicorn-64079.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2676	2100	WerFault.exe	27
2492	2936	WerFault.exe	28
292	2564	WerFault.exe	29
1224	2628	WerFault.exe	30
488	2764	WerFault.exe	32
1140	2588	WerFault.exe	33
1068	2088	WerFault.exe	35
2504	1452	WerFault.exe	36
2128	1860	WerFault.exe	38
288	1128	WerFault.exe	37
472	2344	WerFault.exe	41
548	2328	WerFault.exe	42
2484	2036	WerFault.exe	43
1888	2460	WerFault.exe	46
2148	2644	WerFault.exe	44
1568	2220	WerFault.exe	45
2028	1528	WerFault.exe	67
2432	948	WerFault.exe	49
2436	1788	WerFault.exe	50
1504	2024	WerFault.exe	52
1228	912	WerFault.exe	51
1796	788	WerFault.exe	53
848	1284	WerFault.exe	57
1844	1468	WerFault.exe	56
1944	2192	WerFault.exe	55
2264	1048	WerFault.exe	58
1960	2796	WerFault.exe	54
2444	2900	WerFault.exe	128
2528	1900	WerFault.exe	62
1364	572	WerFault.exe	65
1536	2700	WerFault.exe	66
2852	2856	WerFault.exe	64
1880	2240	WerFault.exe	68
2844	2944	WerFault.exe	69
3020	2204	WerFault.exe	71
2896	2620	WerFault.exe	70
2168	2908	WerFault.exe	76
2980	2080	WerFault.exe	73
2016	2672	WerFault.exe	72
448	2120	WerFault.exe	75
2592	2448	WerFault.exe	74
2560	2868	WerFault.exe	78
900	2440	WerFault.exe	77
4044	1720	WerFault.exe	107
4068	1524	WerFault.exe	106
4064	760	WerFault.exe	100
4092	1272	WerFault.exe	99
3132	352	WerFault.exe	97
3204	2056	WerFault.exe	103
3276	2520	WerFault.exe	88
3324	2568	WerFault.exe	108
3660	2336	WerFault.exe	87
3700	1500	WerFault.exe	105
3728	2124	WerFault.exe	102
3784	2308	WerFault.exe	112
3864	2728	WerFault.exe	116
3892	1360	WerFault.exe	81
3904	1016	WerFault.exe	83
3972	2332	WerFault.exe	131
3992	1496	WerFault.exe	126
4016	2512	WerFault.exe	130
3932	908	WerFault.exe	104
3496	2540	WerFault.exe	134
3428	2600	WerFault.exe	135

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2100	87ab003a0ed5ef6d8e0fcbf0c1144f90_NeikiAnalytics.exe
2936	Unicorn-58374.exe
2564	Unicorn-2212.exe
2628	Unicorn-15787.exe
2764	Unicorn-25223.exe
2588	Unicorn-5165.exe
2088	Unicorn-45267.exe
1452	Unicorn-50057.exe
1128	Unicorn-14732.exe
1860	Unicorn-363.exe
2344	Unicorn-9066.exe
2328	Unicorn-50696.exe
2036	Unicorn-64079.exe
2460	Unicorn-1386.exe
2644	Unicorn-18216.exe
2220	Unicorn-47058.exe
948	Unicorn-42762.exe
1788	Unicorn-38163.exe
912	Unicorn-11049.exe
2024	Unicorn-56721.exe
788	Unicorn-41034.exe
2796	Unicorn-8745.exe
1048	Unicorn-22128.exe
1468	Unicorn-25959.exe
2192	Unicorn-4147.exe
1284	Unicorn-25959.exe
1900	Unicorn-1867.exe
572	Unicorn-17903.exe
2856	Unicorn-63574.exe
2700	Unicorn-48079.exe
1528	Unicorn-331.exe
2240	Unicorn-62038.exe
2944	Unicorn-33580.exe
2620	Unicorn-35151.exe
2204	Unicorn-55209.exe
2672	Unicorn-3055.exe
2448	Unicorn-22921.exe
2080	Unicorn-53133.exe
2120	Unicorn-22921.exe
2440	Unicorn-18898.exe
2908	Unicorn-22729.exe
2868	Unicorn-38764.exe
1360	Unicorn-42641.exe
1016	Unicorn-37492.exe
2336	Unicorn-58126.exe
2520	Unicorn-56242.exe
2052	Unicorn-9812.exe
2040	Unicorn-14218.exe
1412	Unicorn-12334.exe
2232	Unicorn-32200.exe
1724	Unicorn-62734.exe
1100	Unicorn-48453.exe
2928	Unicorn-43662.exe
352	Unicorn-37291.exe
1272	Unicorn-40005.exe
1548	Unicorn-40005.exe
1676	Unicorn-55080.exe
760	Unicorn-35214.exe
908	Unicorn-7332.exe
2124	Unicorn-7524.exe
2056	Unicorn-22984.exe
1524	Unicorn-20907.exe
2568	Unicorn-40581.exe
1720	Unicorn-36174.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 2936	2100	87ab003a0ed5ef6d8e0fcbf0c1144f90_NeikiAnalytics.exe	28
PID 2100 wrote to memory of 2936	2100	87ab003a0ed5ef6d8e0fcbf0c1144f90_NeikiAnalytics.exe	28
PID 2100 wrote to memory of 2936	2100	87ab003a0ed5ef6d8e0fcbf0c1144f90_NeikiAnalytics.exe	28
PID 2100 wrote to memory of 2936	2100	87ab003a0ed5ef6d8e0fcbf0c1144f90_NeikiAnalytics.exe	28
PID 2936 wrote to memory of 2564	2936	Unicorn-58374.exe	29
PID 2936 wrote to memory of 2564	2936	Unicorn-58374.exe	29
PID 2936 wrote to memory of 2564	2936	Unicorn-58374.exe	29
PID 2936 wrote to memory of 2564	2936	Unicorn-58374.exe	29
PID 2100 wrote to memory of 2628	2100	87ab003a0ed5ef6d8e0fcbf0c1144f90_NeikiAnalytics.exe	30
PID 2100 wrote to memory of 2628	2100	87ab003a0ed5ef6d8e0fcbf0c1144f90_NeikiAnalytics.exe	30
PID 2100 wrote to memory of 2628	2100	87ab003a0ed5ef6d8e0fcbf0c1144f90_NeikiAnalytics.exe	30
PID 2100 wrote to memory of 2628	2100	87ab003a0ed5ef6d8e0fcbf0c1144f90_NeikiAnalytics.exe	30
PID 2100 wrote to memory of 2676	2100	87ab003a0ed5ef6d8e0fcbf0c1144f90_NeikiAnalytics.exe	31
PID 2100 wrote to memory of 2676	2100	87ab003a0ed5ef6d8e0fcbf0c1144f90_NeikiAnalytics.exe	31
PID 2100 wrote to memory of 2676	2100	87ab003a0ed5ef6d8e0fcbf0c1144f90_NeikiAnalytics.exe	31
PID 2100 wrote to memory of 2676	2100	87ab003a0ed5ef6d8e0fcbf0c1144f90_NeikiAnalytics.exe	31
PID 2628 wrote to memory of 2764	2628	Unicorn-15787.exe	32
PID 2628 wrote to memory of 2764	2628	Unicorn-15787.exe	32
PID 2628 wrote to memory of 2764	2628	Unicorn-15787.exe	32
PID 2628 wrote to memory of 2764	2628	Unicorn-15787.exe	32
PID 2936 wrote to memory of 2588	2936	Unicorn-58374.exe	33
PID 2936 wrote to memory of 2588	2936	Unicorn-58374.exe	33
PID 2936 wrote to memory of 2588	2936	Unicorn-58374.exe	33
PID 2936 wrote to memory of 2588	2936	Unicorn-58374.exe	33
PID 2936 wrote to memory of 2492	2936	Unicorn-58374.exe	34
PID 2936 wrote to memory of 2492	2936	Unicorn-58374.exe	34
PID 2936 wrote to memory of 2492	2936	Unicorn-58374.exe	34
PID 2936 wrote to memory of 2492	2936	Unicorn-58374.exe	34
PID 2564 wrote to memory of 2088	2564	Unicorn-2212.exe	35
PID 2564 wrote to memory of 2088	2564	Unicorn-2212.exe	35
PID 2564 wrote to memory of 2088	2564	Unicorn-2212.exe	35
PID 2564 wrote to memory of 2088	2564	Unicorn-2212.exe	35
PID 2764 wrote to memory of 1452	2764	Unicorn-25223.exe	36
PID 2764 wrote to memory of 1452	2764	Unicorn-25223.exe	36
PID 2764 wrote to memory of 1452	2764	Unicorn-25223.exe	36
PID 2764 wrote to memory of 1452	2764	Unicorn-25223.exe	36
PID 2628 wrote to memory of 1128	2628	Unicorn-15787.exe	37
PID 2628 wrote to memory of 1128	2628	Unicorn-15787.exe	37
PID 2628 wrote to memory of 1128	2628	Unicorn-15787.exe	37
PID 2628 wrote to memory of 1128	2628	Unicorn-15787.exe	37
PID 2588 wrote to memory of 1860	2588	Unicorn-5165.exe	38
PID 2588 wrote to memory of 1860	2588	Unicorn-5165.exe	38
PID 2588 wrote to memory of 1860	2588	Unicorn-5165.exe	38
PID 2588 wrote to memory of 1860	2588	Unicorn-5165.exe	38
PID 2564 wrote to memory of 292	2564	Unicorn-2212.exe	39
PID 2564 wrote to memory of 292	2564	Unicorn-2212.exe	39
PID 2564 wrote to memory of 292	2564	Unicorn-2212.exe	39
PID 2564 wrote to memory of 292	2564	Unicorn-2212.exe	39
PID 2628 wrote to memory of 1224	2628	Unicorn-15787.exe	40
PID 2628 wrote to memory of 1224	2628	Unicorn-15787.exe	40
PID 2628 wrote to memory of 1224	2628	Unicorn-15787.exe	40
PID 2628 wrote to memory of 1224	2628	Unicorn-15787.exe	40
PID 2088 wrote to memory of 2344	2088	Unicorn-45267.exe	41
PID 2088 wrote to memory of 2344	2088	Unicorn-45267.exe	41
PID 2088 wrote to memory of 2344	2088	Unicorn-45267.exe	41
PID 2088 wrote to memory of 2344	2088	Unicorn-45267.exe	41
PID 1452 wrote to memory of 2328	1452	Unicorn-50057.exe	42
PID 1452 wrote to memory of 2328	1452	Unicorn-50057.exe	42
PID 1452 wrote to memory of 2328	1452	Unicorn-50057.exe	42
PID 1452 wrote to memory of 2328	1452	Unicorn-50057.exe	42
PID 2764 wrote to memory of 2036	2764	Unicorn-25223.exe	43
PID 2764 wrote to memory of 2036	2764	Unicorn-25223.exe	43
PID 2764 wrote to memory of 2036	2764	Unicorn-25223.exe	43
PID 2764 wrote to memory of 2036	2764	Unicorn-25223.exe	43

C:\Users\Admin\AppData\Local\Temp\87ab003a0ed5ef6d8e0fcbf0c1144f90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\87ab003a0ed5ef6d8e0fcbf0c1144f90_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58374.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58374.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2212.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2212.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45267.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9066.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42762.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1867.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42641.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22001.exe
        9⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61233.exe
        10⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20957.exe
        11⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9226.exe
        12⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
        13⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43510.exe
        14⤵
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6212.exe
        15⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8724 -s 216
        14⤵
        
        PID:11900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6736 -s 216
        13⤵
        
        PID:9760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 216
        12⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
        11⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 216
        10⤵
        Program crash
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
        9⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8232.exe
        10⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36424.exe
        11⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31056.exe
        12⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29301.exe
        13⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1386.exe
        14⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8552 -s 216
        13⤵
        
        PID:11152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 216
        12⤵
        
        PID:9656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 220
        11⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 236
        10⤵
        
        PID:5960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 240
        9⤵
        Program crash
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52213.exe
        8⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11435.exe
        9⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9529.exe
        10⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
        11⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22483.exe
        12⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28767.exe
        13⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54681.exe
        14⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8316 -s 236
        13⤵
        
        PID:11788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 216
        12⤵
        
        PID:9500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
        11⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 216
        10⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 220
        8⤵
        Program crash
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37492.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55057.exe
        8⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15275.exe
        9⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22950.exe
        10⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50354.exe
        11⤵
        
        PID:5916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 240
        12⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 236
        11⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 236
        10⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 236
        9⤵
        Program crash
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26136.exe
        8⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23884.exe
        9⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54499.exe
        10⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32374.exe
        11⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48357.exe
        12⤵
        
        PID:11116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8740 -s 216
        12⤵
        
        PID:12060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 216
        11⤵
        
        PID:9772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 216
        10⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 240
        8⤵
        Program crash
        
        PID:3904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 240
        7⤵
        Program crash
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63574.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32200.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56567.exe
        8⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-927.exe
        9⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40032.exe
        10⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27817.exe
        11⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7474.exe
        12⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28465.exe
        13⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 216
        12⤵
        
        PID:11512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 236
        11⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
        10⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 236
        9⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        8⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35091.exe
        9⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50387.exe
        10⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63544.exe
        11⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10315.exe
        12⤵
        
        PID:12124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9380 -s 216
        12⤵
        
        PID:7032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 236
        11⤵
        
        PID:10856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
        10⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
        9⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
        8⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60542.exe
        7⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18037.exe
        8⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10197.exe
        9⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62032.exe
        10⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56744.exe
        11⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40057.exe
        12⤵
        
        PID:11344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10164 -s 236
        12⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7192 -s 216
        11⤵
        
        PID:11124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 236
        10⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 236
        9⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 236
        8⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
        7⤵
        Program crash
        
        PID:2852
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
        6⤵
        Program crash
        
        PID:472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38163.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17903.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58126.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9011.exe
        8⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52821.exe
        9⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1100.exe
        10⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49022.exe
        11⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51805.exe
        12⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29674.exe
        13⤵
        
        PID:10844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9988 -s 236
        13⤵
        
        PID:12212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 216
        12⤵
        
        PID:10384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
        11⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
        10⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 236
        9⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13054.exe
        8⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31808.exe
        9⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
        10⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60486.exe
        11⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24848.exe
        12⤵
        
        PID:10964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9560 -s 216
        12⤵
        
        PID:12116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 216
        11⤵
        
        PID:10260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 236
        10⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 236
        9⤵
        
        PID:5556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
        8⤵
        Program crash
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39991.exe
        7⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32920.exe
        8⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21194.exe
        9⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27367.exe
        10⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35796.exe
        11⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59632.exe
        12⤵
        
        PID:10896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10012 -s 216
        12⤵
        
        PID:12144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 216
        11⤵
        
        PID:10400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
        10⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
        9⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
        8⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 240
        7⤵
        Program crash
        
        PID:1364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56242.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59857.exe
        7⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29199.exe
        8⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48082.exe
        9⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44175.exe
        10⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4043.exe
        11⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37572.exe
        12⤵
        
        PID:10968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8504 -s 216
        12⤵
        
        PID:920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 216
        11⤵
        
        PID:9288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
        10⤵
        
        PID:7988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 216
        9⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 236
        8⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39867.exe
        7⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9529.exe
        8⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40819.exe
        9⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21434.exe
        10⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46151.exe
        11⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62486.exe
        12⤵
        
        PID:7244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
        11⤵
        
        PID:10276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 236
        10⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
        9⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 236
        8⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
        7⤵
        Program crash
        
        PID:3276
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
        6⤵
        Program crash
        
        PID:2436
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
        5⤵
        Program crash
        
        PID:1068
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5165.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-363.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18216.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22921.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40773.exe
        8⤵
        Executes dropped EXE
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe
        9⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14793.exe
        10⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28394.exe
        11⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        12⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7386.exe
        13⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20619.exe
        14⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47596.exe
        15⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 236
        14⤵
        
        PID:12032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 216
        13⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
        12⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 236
        11⤵
        
        PID:5244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 236
        10⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
        9⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2975.exe
        10⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        11⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35327.exe
        12⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51860.exe
        13⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51675.exe
        14⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8836 -s 236
        13⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 220
        12⤵
        
        PID:9820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 216
        11⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
        10⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 220
        9⤵
        Program crash
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61284.exe
        8⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24778.exe
        9⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4823.exe
        10⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-293.exe
        11⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17557.exe
        12⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62086.exe
        13⤵
        
        PID:10820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 236
        13⤵
        
        PID:12268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
        12⤵
        
        PID:9280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
        11⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
        10⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 236
        9⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
        8⤵
        Program crash
        
        PID:2592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 236
        7⤵
        Program crash
        
        PID:1844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53133.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55080.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39453.exe
        8⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58820.exe
        9⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60132.exe
        10⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59873.exe
        11⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44251.exe
        12⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51626.exe
        13⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22466.exe
        14⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 216
        13⤵
        
        PID:11544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 216
        12⤵
        
        PID:9956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
        11⤵
        
        PID:8360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
        10⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 236
        9⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22509.exe
        8⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46520.exe
        9⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22309.exe
        10⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5679.exe
        11⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27449.exe
        12⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9926.exe
        13⤵
        
        PID:9100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 216
        11⤵
        
        PID:9548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
        10⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 236
        9⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 220
        8⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2566.exe
        7⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42375.exe
        8⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5025.exe
        9⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57906.exe
        10⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        11⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16306.exe
        12⤵
        
        PID:10944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8240 -s 216
        12⤵
        
        PID:11292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 216
        11⤵
        
        PID:10196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
        10⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
        9⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 236
        8⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
        7⤵
        Program crash
        
        PID:2980
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 220
        6⤵
        Program crash
        
        PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22128.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38764.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7332.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22624.exe
        8⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        9⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20957.exe
        10⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        11⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19650.exe
        12⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29826.exe
        13⤵
        
        PID:11032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8964 -s 216
        13⤵
        
        PID:12016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 216
        12⤵
        
        PID:9900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 216
        11⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 236
        10⤵
        
        PID:5576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 236
        9⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5706.exe
        8⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29935.exe
        9⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5189.exe
        10⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        11⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51604.exe
        12⤵
        
        PID:11284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8272 -s 216
        12⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 216
        11⤵
        
        PID:10188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
        10⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
        9⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 240
        8⤵
        Program crash
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2566.exe
        7⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59396.exe
        8⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64209.exe
        9⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22228.exe
        10⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24667.exe
        11⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26716.exe
        12⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 236
        11⤵
        
        PID:11028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
        10⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
        9⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 236
        8⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 220
        7⤵
        Program crash
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36174.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14844.exe
        7⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60738.exe
        8⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
        9⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11231.exe
        10⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18279.exe
        11⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39124.exe
        12⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 236
        11⤵
        
        PID:10988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 216
        10⤵
        
        PID:8416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        9⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 236
        8⤵
        
        PID:4680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 236
        7⤵
        Program crash
        
        PID:4044
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 240
        6⤵
        Program crash
        
        PID:2264
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
        5⤵
        Program crash
        
        PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47058.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55209.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40005.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4834.exe
        8⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64578.exe
        9⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1812.exe
        10⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-235.exe
        11⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4402.exe
        12⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19679.exe
        13⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7216 -s 236
        12⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 236
        11⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 236
        10⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 216
        9⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 236
        8⤵
        Program crash
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2758.exe
        7⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33927.exe
        8⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17138.exe
        9⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48809.exe
        10⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6513.exe
        11⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60711.exe
        12⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8884 -s 216
        12⤵
        
        PID:11724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6288 -s 216
        11⤵
        
        PID:9920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
        10⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
        9⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 236
        8⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
        7⤵
        Program crash
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35214.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30880.exe
        7⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        8⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3566.exe
        9⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27241.exe
        10⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25840.exe
        11⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53768.exe
        12⤵
        
        PID:8256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 216
        11⤵
        
        PID:11428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 236
        10⤵
        
        PID:8988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 236
        9⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
        8⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 236
        7⤵
        Program crash
        
        PID:4064
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 240
        6⤵
        Program crash
        
        PID:848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22984.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62784.exe
        7⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14601.exe
        8⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13894.exe
        9⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47128.exe
        10⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54116.exe
        11⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37572.exe
        12⤵
        
        PID:11004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8488 -s 216
        12⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 216
        11⤵
        
        PID:10228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
        10⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
        9⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 236
        8⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27216.exe
        7⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9529.exe
        8⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20684.exe
        9⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        10⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30011.exe
        11⤵
        
        PID:11000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9176 -s 216
        11⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 216
        10⤵
        
        PID:10172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
        9⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
        8⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
        7⤵
        Program crash
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43494.exe
        6⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48592.exe
        7⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19515.exe
        8⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9712.exe
        9⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10731.exe
        10⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
        11⤵
        
        PID:11380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10140 -s 236
        11⤵
        
        PID:11836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 216
        10⤵
        
        PID:10540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
        9⤵
        
        PID:8824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
        8⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 236
        7⤵
        
        PID:4672
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
        6⤵
        Program crash
        
        PID:2016
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
        5⤵
        Program crash
        
        PID:1568
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1140
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2492
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25223.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25223.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50057.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50696.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11049.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-331.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
        8⤵
        Program crash
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41300.exe
        8⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
        9⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
        10⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39817.exe
        11⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17557.exe
        12⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2932.exe
        13⤵
        
        PID:10508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8684 -s 216
        13⤵
        
        PID:11460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 216
        12⤵
        
        PID:9520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
        11⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
        10⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 236
        9⤵
        Program crash
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        8⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17136.exe
        9⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48877.exe
        10⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33368.exe
        11⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8037.exe
        12⤵
        
        PID:12188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9340 -s 216
        12⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 216
        11⤵
        
        PID:10900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
        10⤵
        
        PID:8576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
        9⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 220
        8⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 240
        7⤵
        Program crash
        
        PID:1228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62038.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62734.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65140.exe
        8⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 200
        9⤵
        Program crash
        
        PID:2444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
        8⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27677.exe
        7⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4855.exe
        8⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46452.exe
        9⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42936.exe
        10⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34060.exe
        11⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56592.exe
        12⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39892.exe
        13⤵
        
        PID:7808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 216
        12⤵
        
        PID:11452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
        11⤵
        
        PID:8548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
        10⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 236
        9⤵
        
        PID:5328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 236
        8⤵
        Program crash
        
        PID:4016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
        7⤵
        Program crash
        
        PID:1880
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
        6⤵
        Program crash
        
        PID:548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56721.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48079.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14218.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63578.exe
        8⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33496.exe
        9⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1439.exe
        10⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26964.exe
        11⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51055.exe
        12⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59747.exe
        13⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17022.exe
        14⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 216
        13⤵
        
        PID:11684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 216
        12⤵
        
        PID:8604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
        11⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
        10⤵
        
        PID:5808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 216
        9⤵
        Program crash
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62338.exe
        8⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54224.exe
        9⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22136.exe
        10⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63602.exe
        11⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-322.exe
        12⤵
        
        PID:11464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8976 -s 216
        12⤵
        
        PID:11444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7084 -s 216
        11⤵
        
        PID:10060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 216
        10⤵
        
        PID:8212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
        9⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
        8⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28253.exe
        7⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-439.exe
        8⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2444.exe
        9⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49069.exe
        10⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55547.exe
        11⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62580.exe
        12⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10216 -s 216
        12⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 216
        11⤵
        
        PID:10696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 216
        10⤵
        
        PID:8532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
        9⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 236
        8⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
        7⤵
        Program crash
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12334.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55991.exe
        7⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1015.exe
        8⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15238.exe
        9⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47704.exe
        10⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12702.exe
        11⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59632.exe
        12⤵
        
        PID:10888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9456 -s 216
        12⤵
        
        PID:12132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 216
        11⤵
        
        PID:10212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
        10⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
        9⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 236
        8⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29089.exe
        7⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17328.exe
        8⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2691.exe
        9⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28090.exe
        10⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30442.exe
        11⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10040 -s 236
        11⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 216
        10⤵
        
        PID:10420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 216
        9⤵
        
        PID:8480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
        8⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 240
        7⤵
        
        PID:4632
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
        6⤵
        Program crash
        
        PID:1504
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 240
        5⤵
        Program crash
        
        PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41034.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33580.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48453.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65088.exe
        8⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30829.exe
        9⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        10⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13012.exe
        11⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18325.exe
        12⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1588.exe
        13⤵
        
        PID:11148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8584 -s 216
        13⤵
        
        PID:11392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6688 -s 216
        12⤵
        
        PID:9484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
        11⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
        10⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 236
        9⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47860.exe
        8⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60324.exe
        9⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55576.exe
        10⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
        11⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18247.exe
        12⤵
        
        PID:11072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9352 -s 216
        12⤵
        
        PID:11796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 216
        11⤵
        
        PID:2664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
        10⤵
        
        PID:8340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
        9⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 240
        8⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42726.exe
        7⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34119.exe
        8⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49405.exe
        9⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9226.exe
        10⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35327.exe
        11⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe
        12⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37038.exe
        13⤵
        
        PID:9068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8844 -s 216
        12⤵
        
        PID:11948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 220
        11⤵
        
        PID:9812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
        10⤵
        
        PID:7624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
        9⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62762.exe
        8⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
        9⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60438.exe
        10⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10816.exe
        11⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1386.exe
        12⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8632 -s 236
        11⤵
        
        PID:11268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 216
        10⤵
        
        PID:9708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 216
        9⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
        8⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
        7⤵
        Program crash
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43662.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49629.exe
        7⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51835.exe
        8⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25446.exe
        9⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51047.exe
        10⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27672.exe
        11⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57360.exe
        12⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53768.exe
        13⤵
        
        PID:8248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 236
        12⤵
        
        PID:11496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 236
        11⤵
        
        PID:9052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 236
        10⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
        9⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
        8⤵
        Program crash
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64450.exe
        7⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3980.exe
        8⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59655.exe
        9⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26125.exe
        10⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34645.exe
        11⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9264 -s 216
        11⤵
        
        PID:11404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 216
        10⤵
        
        PID:9416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
        9⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
        8⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
        7⤵
        
        PID:4240
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 240
        6⤵
        Program crash
        
        PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35151.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49437.exe
        7⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50465.exe
        8⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14475.exe
        9⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40550.exe
        10⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55989.exe
        11⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14769.exe
        12⤵
        
        PID:11084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8648 -s 216
        12⤵
        
        PID:11388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 216
        11⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 216
        10⤵
        
        PID:7608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
        9⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 236
        8⤵
        Program crash
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40298.exe
        7⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42586.exe
        8⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28268.exe
        9⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60323.exe
        10⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46151.exe
        11⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37234.exe
        12⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7900 -s 236
        11⤵
        
        PID:10536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 236
        10⤵
        
        PID:8328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
        9⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 236
        8⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 240
        7⤵
        Program crash
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
        6⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50948.exe
        7⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59415.exe
        8⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37768.exe
        9⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
        10⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49130.exe
        11⤵
        
        PID:11100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1646.exe
        12⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 216
        11⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 216
        10⤵
        
        PID:9692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
        9⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
        8⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23296.exe
        7⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23269.exe
        8⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38928.exe
        9⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32109.exe
        10⤵
        
        PID:11160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11160 -s 220
        11⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8440 -s 236
        10⤵
        
        PID:11636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 216
        9⤵
        
        PID:9572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
        8⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 240
        7⤵
        
        PID:5468
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
        6⤵
        Program crash
        
        PID:2896
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
        5⤵
        Program crash
        
        PID:2484
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14732.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14732.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1386.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8745.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22729.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40005.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63360.exe
        8⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64819.exe
        9⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49810.exe
        10⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 188
        11⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 236
        10⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 236
        9⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51965.exe
        8⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-308.exe
        9⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63526.exe
        10⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10234.exe
        11⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18247.exe
        12⤵
        
        PID:10924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9212 -s 236
        12⤵
        
        PID:11760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 216
        11⤵
        
        PID:9996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
        10⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
        9⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
        8⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11206.exe
        7⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1638.exe
        8⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
        9⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 240
        10⤵
        
        PID:5256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
        9⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 216
        8⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 220
        7⤵
        Program crash
        
        PID:2168
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 236
        6⤵
        Program crash
        
        PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18898.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40581.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39453.exe
        7⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61124.exe
        8⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17012.exe
        9⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55284.exe
        10⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61781.exe
        11⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62268.exe
        12⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 216
        11⤵
        
        PID:11176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 236
        10⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
        9⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 236
        8⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38762.exe
        7⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1657.exe
        8⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3175.exe
        9⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11039.exe
        10⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14438.exe
        11⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32310.exe
        12⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 216
        11⤵
        
        PID:11044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 216
        10⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
        9⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 236
        8⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
        7⤵
        Program crash
        
        PID:3324
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 236
        6⤵
        Program crash
        
        PID:900
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
        5⤵
        Program crash
        
        PID:1888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4147.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22921.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7524.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15612.exe
        7⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2188.exe
        8⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23929.exe
        9⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40953.exe
        10⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47646.exe
        11⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43676.exe
        12⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33654.exe
        13⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 216
        12⤵
        
        PID:11580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7236 -s 236
        11⤵
        
        PID:9320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 236
        10⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
        9⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 216
        8⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61207.exe
        7⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
        8⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 220
        9⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
        8⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
        7⤵
        Program crash
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19587.exe
        6⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16330.exe
        7⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9768.exe
        8⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43678.exe
        9⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23064.exe
        10⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48860.exe
        11⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43233.exe
        12⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 216
        11⤵
        
        PID:11772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 236
        10⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
        9⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
        8⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 236
        7⤵
        
        PID:4360
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
        6⤵
        Program crash
        
        PID:448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20907.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe
        6⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65346.exe
        7⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64853.exe
        8⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22160.exe
        9⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48860.exe
        10⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37038.exe
        11⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8280 -s 216
        10⤵
        
        PID:11736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 216
        9⤵
        
        PID:9488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
        8⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 236
        7⤵
        
        PID:4916
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 236
        6⤵
        Program crash
        
        PID:4068
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 220
        5⤵
        Program crash
        
        PID:1944
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 240
      4⤵
      Program crash
      PID:288
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 220
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1224
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
  2⤵
  - Program crash
  PID:2676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18279.exe

Filesize
184KB

MD5
03821d48f31ffb56740147425d648099

SHA1
aaab7aea5bcce2b8e44636bd009c3305d6b2f09f

SHA256
53de3f9a543139d2e85f579c2c8495143daf27e5502dbf93d4859f9dbbbde381

SHA512
b3fbe9782735d2f43680cfd90ad0a6de52c974d11774a441df9e9afccae7c8024a04f4202ddbabde29862dc78c0c8dc7396700d7c25d583fa73639455130262a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22309.exe

Filesize
184KB

MD5
20996937ffb7af0e03113d24e2169a8d

SHA1
3300297045d9569a7fe41791c5eacfd3f33396db

SHA256
692c7f2d97b2e73e48dd99a389e018a21069aa0abcb20efc65c05b6e2b9d232f

SHA512
d1c8e7ae295203826ac37b9e3ce7bf7053e4fdefada24e14e6c9c786be040284c23572d4459f2baae6bc608ec79d5b5b2914720b781a2a6f36c5674c1b062a27

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23064.exe

Filesize
184KB

MD5
f6403d6614370e5b470ff3a92a1309c2

SHA1
510a604544b24d68c91c3a89869d8187be4d2a87

SHA256
3d6d5f826f5b6b08a2cd992bbc700fa779bb049e85cbb995904ca4e72dba6827

SHA512
3074c5cb333b59a4d7160a52ef5a4d5ffcc116d86006e0fde4e7392aed0d2bf51a864ae05f70146ecdbba6d0bf63d12fa9273b5dfb1a27f4128f94a2057b55a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25223.exe

Filesize
184KB

MD5
9f0a94c90185ff117c132e240d7610df

SHA1
dae03825e80d0c534fc92d527c7a1063a8009344

SHA256
a4c079ee8149f3f328ac80653d78e35fe95f843a138cee6cb85c8530c64e342d

SHA512
ca6f93ebb223d67fca9df5513fc2de97dc17518518264fa9e0c972f577f12ddd7e3dbc84e997ed54805dfc6dc7402e4fc5582fa403c03fb471b35aba2b1f38f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27449.exe

Filesize
184KB

MD5
1c45d13f9e7ba8bcf7832dbb89232a93

SHA1
ae3b467b0b1c43b18c0d06002115f177652268af

SHA256
44b4b8f50d9dd1843cc19f2425b83c0ee2cf3db3c44c485814c5901922b4abde

SHA512
a32b25bb7169de7e43d543d8426d944bcc8393ff2544eed434dd6d66117f1b203001ae38e413444adf1af5e3e4d27117713a20955631ba807f2c65450240abde

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39867.exe

Filesize
184KB

MD5
e12ebd327d10b6e53f15f65a1e6bb566

SHA1
a9676787664fed8dc66bc34e395bca7da4285438

SHA256
fe4380b8fe09ec3cd29f920b0834b1ae07cb71e21413a8d4018ddf62d6c77bd9

SHA512
20b0671fa11203bbd44c79a99c908fc587a48f489bd8f9d57a79a8e8846cf6d6f45e399d2c2211af95baa36cb95712b4af9ff64bcb152b9ba71ccc60bb0ed228

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39991.exe

Filesize
184KB

MD5
a846f7f6065291bffc56c7368ad64cd1

SHA1
20ac0b4fd416f653d1864b603e405da598ab6cad

SHA256
44f67874cd95cd0204bc693841d25a4eed67e308eaaf1fa9fb5a0bf68ce6a30c

SHA512
c38bd4f02b69b32bd98ace3a22580d8db1df2f80cf48b6e68fab3395022ea11aa1667fd625321d217498e60c12b3fbdfddceb44fc5d2ffc2a847508af09698bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40298.exe

Filesize
184KB

MD5
41df6a2a34423db031343ad30bf343b7

SHA1
9611d3ae34dee82643dd2b977c9d4dbf82999e13

SHA256
468ec2b1d2fc1ecbbc212e8ebdb8a7381e7e74180932509b9d358f879374bf9a

SHA512
7dfe7de64148fcc7c633c9857b0411d1c56b2ebe925234e3968916daea9a20431d7b748ba9e1615a75dfa61f2072cafb162e091961920bed727fa7a605a70fba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5165.exe

Filesize
184KB

MD5
2b0285f9cd1088cd68c649a56ac5445c

SHA1
6d9cbac8f09450596cd9a6ac6f5d159d6862b473

SHA256
d08df356c347f64effc71571c2266e626eecbe3a9f38a0559c4e193f63424890

SHA512
3cdff19601da5a6906666a5d3a24f9621998f112b671a40ba48b97544999e2a52ba479484794872d14ba6d558ea9e2b82a895d550c0e3d7bbb1b86e6d88f2a17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51805.exe

Filesize
184KB

MD5
73e1a070bb840723f57f8b7679856a06

SHA1
72f508f11b25a5eee57831c7571ca6037ab5fb71

SHA256
103bc98013cd6907a1fb48a7de1980de43ecb89db7d28e654642bbf9e0366e42

SHA512
3bafc8b755e51a05bdc8cc649170f2d73772442828a3a01551e35f42aae394c68093e01ae292a019d352264874498a730612e62e94be93f8a1af07fa604b2f58

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14732.exe

Filesize
184KB

MD5
dfc61c68d0217e61bc402ad23a1973bf

SHA1
a3934ec553bf1e20df3a2e05465c7016b00f4b9f

SHA256
5ebed3eb5211f0b896cdd761020f65c8b483c7a5943c9815bf1b869f631f8c3a

SHA512
13ef0e658037cd55048a461b9c7ae430dd82346664129e0771450bb5f02522d66a2b64842d0ff459f630bac6b600590528b76a8dd08d9641b491ea90780dfe28

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe

Filesize
184KB

MD5
f0c046ee3f6c76f032aea63e60649a9a

SHA1
a1255c53934a4184f0a557d461c7a440c9e975ba

SHA256
a8123c3f538218f66b477a6dd076a724ebc57bbf9ca8352b4aaff5e8b3c533e2

SHA512
9dafaaa9a42e4931abdd23c4f60fe6c22f75dba2f141a0616a68a8205927d7047d9f5cb8c0ff43dcbe2d3c4156b18871d146999302dba7d17dfa9ecaf20dd369

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18216.exe

Filesize
184KB

MD5
d448ba65760cdbb9771363a3d8868b2d

SHA1
1197e3bac6f53d4f2c83dc1c35e318ec355a2cde

SHA256
9400273270c06c51ec31d552b448800acffef6c13af0772e8af2bd51fc90be59

SHA512
a1d1a952bca6744c686d4ac0006c3ab30d3f51302900d0ec1e096ae5fa2af9c2c65b98c79d0cb225f35fc1322808a9a9cd6ac5cd568faa1a97c82e70a1d73560

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2212.exe

Filesize
184KB

MD5
5b49c518a288baf867ebeb6a2005fa2e

SHA1
64e9476cb2329b469576bcc82d4b2dc18ea65491

SHA256
eae31c6b40c3164156c3fc848a313766b7765694cf2ac4a59a9d692f27ef6c04

SHA512
1c1a8a2a1b0e2486a4f0c97eaa15138b012ff77ecfc8c6e59a6d496984800599aa66136b33320cd800cd8bfab7604ea04afd81390fbdba1b86c3f618208b1437

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-363.exe

Filesize
184KB

MD5
c18576807263d67cc22a856fce36809c

SHA1
e6ab986c3e5c5a2fc20fbc9a57be698840269e91

SHA256
3a5757e917c85f4a05b18b993f850ab9d87d7b7789713f9b55d243baf5f498da

SHA512
3062cf435b18b669b4cb68712afbf24d9692c323b1ac7507c4a03e18639335a3b43442228ce3d3f769195cc8ff160241ff89e6cbfb63320557c347a9d14af159

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45267.exe

Filesize
184KB

MD5
1e167fe3fcd1030a644054a6ec9aecbf

SHA1
0dc72cd6217961a263a310121052a4a17c1f6236

SHA256
8ec24302e5d0be405484a50aa14c7b5fe8ea51643380f2dd360ac557e03cb63e

SHA512
be1b6769ee751dd7c9d41eb9b5fdc6c04842b6d0bb11ab88b4681abb753a742d3524343de607bd1e4217eeb5335fbf1aabc4fcf6fa8e63336ee49c1ce28b8200

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47058.exe

Filesize
184KB

MD5
21222f42d7efc4169cceaefec7953e48

SHA1
3a03dc655e4b1724e428e1dc3cd70c98828a3a06

SHA256
b339f31c42bc3586730f835b2399794186fffa2f731fa91d9f3458b7504bec18

SHA512
8d4bd2278b66ef375e940ac57de81f4b2b73d4f77853ffa94691af9d78c3adcd499af9d59941e8d8de987eb48c7cdc721cde51410ffa436e3eee661836836c9f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50057.exe

Filesize
184KB

MD5
b2f3e12bfe0259f22d381238daab685c

SHA1
3c08b398725a1d900b20604049d7c50d80999c8f

SHA256
e219251094abd400acce5eb63c3cbcdc51637e3f8aef8fe3ab3e811849f782ea

SHA512
ab4787fa8f537e7213916bddfb1dff3707bbbd979f762deb0dabb23a70af2083fe1054017c64f50ead09662356cb2862dccec6f409332a83b202355de385d8c0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50696.exe

Filesize
184KB

MD5
38d333dc2cdf55ce0a64476942eb65e8

SHA1
192843893b6810a090be99785c95e3f6d508bf4e

SHA256
9b3e52abd8b9e1ac6729e915260eeee648847390e32629a0cbe0d19fac9333da

SHA512
5d501ef5d45aa0cda8faafe6e2e90df14b88eeb058904bb6c233cf70345f6cf1ccb0fa1cc6975fab77609f7ace964ea7071f893e95afffec50d8cf923574345a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58374.exe

Filesize
184KB

MD5
e142d4dbc3d04324ad8d5396af3f77a8

SHA1
7849a006df1aca0b8bbd332c970d8c8fe901bbc0

SHA256
4b719894eaa32fc320ab95c1bbe8d9c2f5833adec865b857870386fbf21e3ca4

SHA512
11db9fa1ba16711ecdb9a4cdd2956d72ad18f420156027da0d0c293011f0e75bafb8a80993beab793d4c4ec72913a72a6b5de9404049d7c00f5f1ec9afb6f1d1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe

Filesize
184KB

MD5
b3d234ab1d70a57e02a04493449af4f6

SHA1
fe4b12cbaecc5480a35af5bf217d16d2fb3f1f1e

SHA256
49dbdb613294360ccb9f8d827676cfefbd4f2a1ff76507b3b005c84dabab18db

SHA512
d5d7d8ef50b9d2ff70a11cadcf700cd60fe88d9aba22ac22c66e417ca5af38863990a131b5b34f5fef82403b69157ec079a0b753fdb2d5818771cb2b9eb00e2b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9066.exe

Filesize
184KB

MD5
91a0964988a28298e760931d9ec7ba0a

SHA1
12fc4f6759582a355f357e79f1cc909d566fd31e

SHA256
a1ef49608b4d975bc7c31059ce43c3d4decf55eb92cb51e25a1651c391f70d84

SHA512
f0b82a46bc52d8e5c17f13c1f3905b4f86a2ff6668e9bcd1a2dfc0ec40ebee0c6d8e48302906248eeac5c23a94b7b76660cd876686c1d10a36a6336781e0a94c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads