7298800b06b0cdd169a03deb69ba36101aa4477ab7c043872621b9f72a0d85cb

Analysis

max time kernel
149s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 08:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

93bd3ea7e331ec2db67ea8c1971c3320_NeikiAnalytics.exe
Size

184KB
MD5

93bd3ea7e331ec2db67ea8c1971c3320
SHA1

2275386dd251a1e742538901e4de0ef33316d41a
SHA256

7298800b06b0cdd169a03deb69ba36101aa4477ab7c043872621b9f72a0d85cb
SHA512

0ca508f9379a56187624a7c4d4b02356a088d82cd17f0d309a816a94face4e3987234e2c8fd748a8f289c8eb371225caf22363983d8695d3b219bac95d32c5af
SSDEEP

3072:6MM3Y8of7RhgdFaWe8wLRtsrhlnVijOn3:6MwoHcFafLbsrhlnVijO

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3052	Unicorn-33428.exe
2596	Unicorn-31970.exe
2620	Unicorn-12104.exe
2504	Unicorn-40387.exe
2616	Unicorn-28689.exe
1592	Unicorn-43567.exe
276	Unicorn-47289.exe
2696	Unicorn-63625.exe
2716	Unicorn-35591.exe
780	Unicorn-44570.exe
1472	Unicorn-36594.exe
1532	Unicorn-16728.exe
2488	Unicorn-49593.exe
2372	Unicorn-3921.exe
1420	Unicorn-51472.exe
2752	Unicorn-39774.exe
1712	Unicorn-42427.exe
2116	Unicorn-56303.exe
452	Unicorn-18992.exe
2872	Unicorn-31990.exe
848	Unicorn-42619.exe
844	Unicorn-51856.exe
112	Unicorn-8503.exe
888	Unicorn-28369.exe
1708	Unicorn-36729.exe
2220	Unicorn-28561.exe
1680	Unicorn-17055.exe
908	Unicorn-53257.exe
2728	Unicorn-49920.exe
2772	Unicorn-4248.exe
2948	Unicorn-34529.exe
2036	Unicorn-22831.exe
2128	Unicorn-50865.exe
2536	Unicorn-59225.exe
2552	Unicorn-39359.exe
2432	Unicorn-35271.exe
884	Unicorn-18935.exe
2436	Unicorn-7429.exe
1548	Unicorn-43631.exe
1788	Unicorn-49998.exe
1944	Unicorn-45359.exe
2300	Unicorn-42021.exe
1908	Unicorn-36314.exe
3020	Unicorn-62079.exe
2108	Unicorn-42213.exe
2088	Unicorn-20170.exe
2492	Unicorn-16640.exe
2120	Unicorn-53034.exe
1924	Unicorn-53034.exe
268	Unicorn-61202.exe
2764	Unicorn-49505.exe
1508	Unicorn-12001.exe
1296	Unicorn-496.exe
1012	Unicorn-62079.exe
2956	Unicorn-16408.exe
2936	Unicorn-71.exe
1444	Unicorn-6438.exe
2844	Unicorn-42832.exe
2880	Unicorn-39302.exe
2524	Unicorn-59168.exe
2420	Unicorn-59360.exe
1984	Unicorn-47663.exe
2860	Unicorn-1991.exe
2136	Unicorn-10351.exe

Loads dropped DLL 64 IoCs

pid	Process
2340	93bd3ea7e331ec2db67ea8c1971c3320_NeikiAnalytics.exe
2340	93bd3ea7e331ec2db67ea8c1971c3320_NeikiAnalytics.exe
3052	Unicorn-33428.exe
2340	93bd3ea7e331ec2db67ea8c1971c3320_NeikiAnalytics.exe
3052	Unicorn-33428.exe
2340	93bd3ea7e331ec2db67ea8c1971c3320_NeikiAnalytics.exe
3052	Unicorn-33428.exe
2596	Unicorn-31970.exe
3052	Unicorn-33428.exe
2596	Unicorn-31970.exe
2808	WerFault.exe
2808	WerFault.exe
2808	WerFault.exe
2808	WerFault.exe
2808	WerFault.exe
2620	Unicorn-12104.exe
2620	Unicorn-12104.exe
2504	Unicorn-40387.exe
2504	Unicorn-40387.exe
2596	Unicorn-31970.exe
2616	Unicorn-28689.exe
2596	Unicorn-31970.exe
2616	Unicorn-28689.exe
1724	WerFault.exe
1724	WerFault.exe
1724	WerFault.exe
1724	WerFault.exe
1744	WerFault.exe
1744	WerFault.exe
1744	WerFault.exe
1744	WerFault.exe
1724	WerFault.exe
1744	WerFault.exe
1592	Unicorn-43567.exe
1592	Unicorn-43567.exe
276	Unicorn-47289.exe
2504	Unicorn-40387.exe
276	Unicorn-47289.exe
2504	Unicorn-40387.exe
2616	Unicorn-28689.exe
2616	Unicorn-28689.exe
2696	Unicorn-63625.exe
2696	Unicorn-63625.exe
324	WerFault.exe
324	WerFault.exe
324	WerFault.exe
324	WerFault.exe
324	WerFault.exe
688	WerFault.exe
688	WerFault.exe
688	WerFault.exe
688	WerFault.exe
688	WerFault.exe
780	Unicorn-44570.exe
780	Unicorn-44570.exe
1592	Unicorn-43567.exe
1592	Unicorn-43567.exe
1472	Unicorn-36594.exe
1472	Unicorn-36594.exe
276	Unicorn-47289.exe
276	Unicorn-47289.exe
1532	Unicorn-16728.exe
1532	Unicorn-16728.exe
2696	Unicorn-63625.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2664	2340	WerFault.exe	27
2808	3052	WerFault.exe	28
1744	2596	WerFault.exe	29
1724	2620	WerFault.exe	30
324	2504	WerFault.exe	32
688	2616	WerFault.exe	33
1596	1592	WerFault.exe	35
376	276	WerFault.exe	36
2008	2696	WerFault.exe	38
2408	780	WerFault.exe	41
2468	1472	WerFault.exe	42
2456	2372	WerFault.exe	45
1524	2488	WerFault.exe	44
1704	1420	WerFault.exe	48
1968	2752	WerFault.exe	49
1556	1712	WerFault.exe	50
2720	2116	WerFault.exe	51
2656	452	WerFault.exe	52
1264	844	WerFault.exe	55
2476	2872	WerFault.exe	53
2576	848	WerFault.exe	54
2404	112	WerFault.exe	58
2032	1708	WerFault.exe	61
2708	888	WerFault.exe	59
1636	2220	WerFault.exe	62
3056	908	WerFault.exe	64
3048	1680	WerFault.exe	63
1268	2728	WerFault.exe	65
1060	2772	WerFault.exe	66
1800	2536	WerFault.exe	70
1796	2552	WerFault.exe	71
2356	2036	WerFault.exe	68
2932	2128	WerFault.exe	69
2904	2948	WerFault.exe	67
3212	2432	WerFault.exe	74
3236	884	WerFault.exe	76
3252	1548	WerFault.exe	79
3268	2436	WerFault.exe	78
3452	1788	WerFault.exe	80
3460	1944	WerFault.exe	81
3468	2300	WerFault.exe	82
3560	3020	WerFault.exe	84
3584	2108	WerFault.exe	85
3604	268	WerFault.exe	90
3620	1296	WerFault.exe	93
3664	2492	WerFault.exe	87
3672	2088	WerFault.exe	86
3716	1924	WerFault.exe	89
3708	2120	WerFault.exe	88
3724	1508	WerFault.exe	92
3748	2764	WerFault.exe	91
3400	1012	WerFault.exe	97
3480	2956	WerFault.exe	98
4060	2844	WerFault.exe	106
3088	1444	WerFault.exe	103
3204	2420	WerFault.exe	109
3308	2308	WerFault.exe	115
3340	2268	WerFault.exe	127
3612	1328	WerFault.exe	121
3912	2044	WerFault.exe	123
4036	2136	WerFault.exe	112
3988	2148	WerFault.exe	117
2204	1732	WerFault.exe	114
4520	600	WerFault.exe	120

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2340	93bd3ea7e331ec2db67ea8c1971c3320_NeikiAnalytics.exe
3052	Unicorn-33428.exe
2596	Unicorn-31970.exe
2620	Unicorn-12104.exe
2504	Unicorn-40387.exe
2616	Unicorn-28689.exe
1592	Unicorn-43567.exe
276	Unicorn-47289.exe
2696	Unicorn-63625.exe
780	Unicorn-44570.exe
1472	Unicorn-36594.exe
1532	Unicorn-16728.exe
2372	Unicorn-3921.exe
2488	Unicorn-49593.exe
1420	Unicorn-51472.exe
2752	Unicorn-39774.exe
1712	Unicorn-42427.exe
2116	Unicorn-56303.exe
452	Unicorn-18992.exe
2872	Unicorn-31990.exe
844	Unicorn-51856.exe
848	Unicorn-42619.exe
112	Unicorn-8503.exe
888	Unicorn-28369.exe
1708	Unicorn-36729.exe
2220	Unicorn-28561.exe
1680	Unicorn-17055.exe
908	Unicorn-53257.exe
2728	Unicorn-49920.exe
2948	Unicorn-34529.exe
2036	Unicorn-22831.exe
2552	Unicorn-39359.exe
2128	Unicorn-50865.exe
2536	Unicorn-59225.exe
2432	Unicorn-35271.exe
884	Unicorn-18935.exe
2436	Unicorn-7429.exe
1548	Unicorn-43631.exe
1788	Unicorn-49998.exe
1944	Unicorn-45359.exe
2300	Unicorn-42021.exe
1908	Unicorn-36314.exe
3020	Unicorn-62079.exe
2108	Unicorn-42213.exe
2088	Unicorn-20170.exe
2492	Unicorn-16640.exe
268	Unicorn-61202.exe
1924	Unicorn-53034.exe
2120	Unicorn-53034.exe
2764	Unicorn-49505.exe
1508	Unicorn-12001.exe
1296	Unicorn-496.exe
1012	Unicorn-62079.exe
2956	Unicorn-16408.exe
2936	Unicorn-71.exe
1444	Unicorn-6438.exe
2844	Unicorn-42832.exe
2880	Unicorn-39302.exe
2524	Unicorn-59168.exe
2420	Unicorn-59360.exe
1984	Unicorn-47663.exe
2860	Unicorn-1991.exe
2136	Unicorn-10351.exe
2716	Unicorn-31518.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 3052	2340	93bd3ea7e331ec2db67ea8c1971c3320_NeikiAnalytics.exe	28
PID 2340 wrote to memory of 3052	2340	93bd3ea7e331ec2db67ea8c1971c3320_NeikiAnalytics.exe	28
PID 2340 wrote to memory of 3052	2340	93bd3ea7e331ec2db67ea8c1971c3320_NeikiAnalytics.exe	28
PID 2340 wrote to memory of 3052	2340	93bd3ea7e331ec2db67ea8c1971c3320_NeikiAnalytics.exe	28
PID 3052 wrote to memory of 2596	3052	Unicorn-33428.exe	29
PID 3052 wrote to memory of 2596	3052	Unicorn-33428.exe	29
PID 3052 wrote to memory of 2596	3052	Unicorn-33428.exe	29
PID 3052 wrote to memory of 2596	3052	Unicorn-33428.exe	29
PID 2340 wrote to memory of 2620	2340	93bd3ea7e331ec2db67ea8c1971c3320_NeikiAnalytics.exe	30
PID 2340 wrote to memory of 2620	2340	93bd3ea7e331ec2db67ea8c1971c3320_NeikiAnalytics.exe	30
PID 2340 wrote to memory of 2620	2340	93bd3ea7e331ec2db67ea8c1971c3320_NeikiAnalytics.exe	30
PID 2340 wrote to memory of 2620	2340	93bd3ea7e331ec2db67ea8c1971c3320_NeikiAnalytics.exe	30
PID 2340 wrote to memory of 2664	2340	93bd3ea7e331ec2db67ea8c1971c3320_NeikiAnalytics.exe	31
PID 2340 wrote to memory of 2664	2340	93bd3ea7e331ec2db67ea8c1971c3320_NeikiAnalytics.exe	31
PID 2340 wrote to memory of 2664	2340	93bd3ea7e331ec2db67ea8c1971c3320_NeikiAnalytics.exe	31
PID 2340 wrote to memory of 2664	2340	93bd3ea7e331ec2db67ea8c1971c3320_NeikiAnalytics.exe	31
PID 2596 wrote to memory of 2504	2596	Unicorn-31970.exe	32
PID 2596 wrote to memory of 2504	2596	Unicorn-31970.exe	32
PID 2596 wrote to memory of 2504	2596	Unicorn-31970.exe	32
PID 2596 wrote to memory of 2504	2596	Unicorn-31970.exe	32
PID 3052 wrote to memory of 2616	3052	Unicorn-33428.exe	33
PID 3052 wrote to memory of 2616	3052	Unicorn-33428.exe	33
PID 3052 wrote to memory of 2616	3052	Unicorn-33428.exe	33
PID 3052 wrote to memory of 2616	3052	Unicorn-33428.exe	33
PID 3052 wrote to memory of 2808	3052	Unicorn-33428.exe	34
PID 3052 wrote to memory of 2808	3052	Unicorn-33428.exe	34
PID 3052 wrote to memory of 2808	3052	Unicorn-33428.exe	34
PID 3052 wrote to memory of 2808	3052	Unicorn-33428.exe	34
PID 2620 wrote to memory of 1592	2620	Unicorn-12104.exe	35
PID 2620 wrote to memory of 1592	2620	Unicorn-12104.exe	35
PID 2620 wrote to memory of 1592	2620	Unicorn-12104.exe	35
PID 2620 wrote to memory of 1592	2620	Unicorn-12104.exe	35
PID 2504 wrote to memory of 276	2504	Unicorn-40387.exe	36
PID 2504 wrote to memory of 276	2504	Unicorn-40387.exe	36
PID 2504 wrote to memory of 276	2504	Unicorn-40387.exe	36
PID 2504 wrote to memory of 276	2504	Unicorn-40387.exe	36
PID 2596 wrote to memory of 2716	2596	Unicorn-31970.exe	37
PID 2596 wrote to memory of 2716	2596	Unicorn-31970.exe	37
PID 2596 wrote to memory of 2716	2596	Unicorn-31970.exe	37
PID 2596 wrote to memory of 2716	2596	Unicorn-31970.exe	37
PID 2616 wrote to memory of 2696	2616	Unicorn-28689.exe	38
PID 2616 wrote to memory of 2696	2616	Unicorn-28689.exe	38
PID 2616 wrote to memory of 2696	2616	Unicorn-28689.exe	38
PID 2616 wrote to memory of 2696	2616	Unicorn-28689.exe	38
PID 2620 wrote to memory of 1724	2620	Unicorn-12104.exe	39
PID 2620 wrote to memory of 1724	2620	Unicorn-12104.exe	39
PID 2620 wrote to memory of 1724	2620	Unicorn-12104.exe	39
PID 2620 wrote to memory of 1724	2620	Unicorn-12104.exe	39
PID 2596 wrote to memory of 1744	2596	Unicorn-31970.exe	40
PID 2596 wrote to memory of 1744	2596	Unicorn-31970.exe	40
PID 2596 wrote to memory of 1744	2596	Unicorn-31970.exe	40
PID 2596 wrote to memory of 1744	2596	Unicorn-31970.exe	40
PID 1592 wrote to memory of 780	1592	Unicorn-43567.exe	41
PID 1592 wrote to memory of 780	1592	Unicorn-43567.exe	41
PID 1592 wrote to memory of 780	1592	Unicorn-43567.exe	41
PID 1592 wrote to memory of 780	1592	Unicorn-43567.exe	41
PID 276 wrote to memory of 1472	276	Unicorn-47289.exe	42
PID 276 wrote to memory of 1472	276	Unicorn-47289.exe	42
PID 276 wrote to memory of 1472	276	Unicorn-47289.exe	42
PID 276 wrote to memory of 1472	276	Unicorn-47289.exe	42
PID 2504 wrote to memory of 1532	2504	Unicorn-40387.exe	43
PID 2504 wrote to memory of 1532	2504	Unicorn-40387.exe	43
PID 2504 wrote to memory of 1532	2504	Unicorn-40387.exe	43
PID 2504 wrote to memory of 1532	2504	Unicorn-40387.exe	43

C:\Users\Admin\AppData\Local\Temp\93bd3ea7e331ec2db67ea8c1971c3320_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\93bd3ea7e331ec2db67ea8c1971c3320_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33428.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33428.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31970.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31970.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40387.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47289.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36594.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42427.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28561.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45359.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58273.exe
        11⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21922.exe
        12⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
        13⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23874.exe
        14⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47541.exe
        15⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7683.exe
        16⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
        15⤵
        
        PID:11636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 236
        14⤵
        
        PID:8480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
        13⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 236
        12⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2440.exe
        11⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32062.exe
        12⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44548.exe
        13⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24023.exe
        14⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36791.exe
        15⤵
        
        PID:12824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 216
        14⤵
        
        PID:11292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 236
        13⤵
        
        PID:8080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 236
        12⤵
        
        PID:5752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
        11⤵
        Program crash
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63104.exe
        10⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55938.exe
        11⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35892.exe
        12⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49063.exe
        13⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6041.exe
        14⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7683.exe
        15⤵
        
        PID:8852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 216
        14⤵
        
        PID:11272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
        13⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
        12⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 236
        11⤵
        
        PID:4948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
        10⤵
        Program crash
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47663.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33769.exe
        10⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64381.exe
        11⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38087.exe
        12⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49888.exe
        13⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53867.exe
        14⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21716.exe
        15⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 216
        14⤵
        
        PID:11952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 216
        13⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
        12⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
        11⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3675.exe
        10⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62783.exe
        11⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9540.exe
        12⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22845.exe
        13⤵
        
        PID:10824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 216
        13⤵
        
        PID:11608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
        12⤵
        
        PID:9124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 236
        11⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
        10⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
        9⤵
        Program crash
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42021.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10351.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9456.exe
        10⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-380.exe
        11⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25742.exe
        12⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27048.exe
        13⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43309.exe
        14⤵
        
        PID:8968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 216
        13⤵
        
        PID:10672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
        12⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 216
        11⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35771.exe
        10⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38969.exe
        11⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14745.exe
        12⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22373.exe
        13⤵
        
        PID:11152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 216
        13⤵
        
        PID:11804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
        12⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 236
        11⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
        10⤵
        Program crash
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62419.exe
        9⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6244.exe
        10⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18565.exe
        11⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61676.exe
        12⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38557.exe
        13⤵
        
        PID:12868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8180 -s 216
        13⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 216
        12⤵
        
        PID:9524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
        11⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 236
        10⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
        9⤵
        Program crash
        
        PID:3468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
        8⤵
        Program crash
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17055.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62079.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9199.exe
        9⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60577.exe
        10⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47137.exe
        11⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59239.exe
        12⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48335.exe
        13⤵
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19495.exe
        14⤵
        
        PID:13260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 236
        13⤵
        
        PID:11220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 236
        12⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
        11⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 216
        10⤵
        Program crash
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5927.exe
        9⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58434.exe
        10⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48217.exe
        11⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9751.exe
        12⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8404.exe
        13⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10092 -s 216
        13⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 216
        12⤵
        
        PID:10400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
        11⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 216
        10⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
        9⤵
        Program crash
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12961.exe
        8⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24916.exe
        9⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14604.exe
        10⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49592.exe
        11⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54743.exe
        12⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62075.exe
        13⤵
        
        PID:12972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7228 -s 216
        13⤵
        
        PID:12836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
        12⤵
        
        PID:9664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
        11⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 216
        10⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60468.exe
        9⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62098.exe
        10⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8056.exe
        11⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44983.exe
        12⤵
        
        PID:11028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 236
        12⤵
        
        PID:12028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
        11⤵
        
        PID:9320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
        10⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
        9⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
        8⤵
        Program crash
        
        PID:3048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 240
        7⤵
        Program crash
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56303.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36314.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
        9⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1288.exe
        10⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3400.exe
        10⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47137.exe
        11⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6769.exe
        12⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32658.exe
        13⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55924.exe
        14⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 216
        13⤵
        
        PID:11420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
        12⤵
        
        PID:8672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 236
        11⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 220
        10⤵
        Program crash
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7014.exe
        8⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1096.exe
        9⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11568.exe
        9⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29758.exe
        10⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1403.exe
        11⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22871.exe
        12⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
        13⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9328 -s 216
        13⤵
        
        PID:9696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 216
        12⤵
        
        PID:10388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 236
        11⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 236
        10⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 220
        9⤵
        Program crash
        
        PID:3308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 240
        8⤵
        Program crash
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42213.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1031.exe
        8⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27935.exe
        8⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38175.exe
        9⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45902.exe
        10⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1045.exe
        11⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15445.exe
        11⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29887.exe
        12⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29583.exe
        13⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 236
        12⤵
        
        PID:11064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 240
        11⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
        10⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42097.exe
        9⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26899.exe
        10⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47125.exe
        11⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44005.exe
        12⤵
        
        PID:11448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8724 -s 236
        12⤵
        
        PID:12596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 216
        11⤵
        
        PID:10024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 216
        10⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
        9⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
        8⤵
        Program crash
        
        PID:3584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
        7⤵
        Program crash
        
        PID:2720
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 240
        6⤵
        Program crash
        
        PID:376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16728.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4248.exe
        7⤵
        Executes dropped EXE
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31518.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39908.exe
        9⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22773.exe
        10⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43069.exe
        11⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53508.exe
        12⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17398.exe
        13⤵
        
        PID:11560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 236
        13⤵
        
        PID:12508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 216
        12⤵
        
        PID:9508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
        11⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 216
        10⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60468.exe
        9⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45596.exe
        10⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32208.exe
        11⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25834.exe
        12⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7299.exe
        13⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 216
        12⤵
        
        PID:11672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
        11⤵
        
        PID:9152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
        10⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
        9⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 216
        8⤵
        Program crash
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16640.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58592.exe
        8⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48460.exe
        9⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39301.exe
        10⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52389.exe
        11⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        12⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9121.exe
        13⤵
        
        PID:11620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 216
        13⤵
        
        PID:12532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 216
        12⤵
        
        PID:9808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
        11⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 236
        10⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60660.exe
        9⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
        10⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52439.exe
        11⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28168.exe
        12⤵
        
        PID:12900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 216
        12⤵
        
        PID:12648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
        11⤵
        
        PID:9540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
        10⤵
        
        PID:7288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 220
        9⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36762.exe
        8⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39493.exe
        9⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38777.exe
        10⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55586.exe
        11⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57738.exe
        12⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64284.exe
        13⤵
        
        PID:12964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 216
        12⤵
        
        PID:11524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
        11⤵
        
        PID:8632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 236
        10⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19103.exe
        9⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        10⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6726.exe
        11⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60065.exe
        12⤵
        
        PID:9276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10528 -s 236
        12⤵
        
        PID:12420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 216
        11⤵
        
        PID:11164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 236
        10⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
        9⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
        8⤵
        Program crash
        
        PID:3664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 452 -s 240
        7⤵
        Program crash
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49920.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20170.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9583.exe
        8⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
        9⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39493.exe
        10⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29726.exe
        11⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38791.exe
        12⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54867.exe
        13⤵
        
        PID:13004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 220
        13⤵
        
        PID:12908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
        12⤵
        
        PID:9712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 236
        11⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 216
        10⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37691.exe
        9⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38969.exe
        10⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64138.exe
        11⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63597.exe
        12⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46796.exe
        13⤵
        
        PID:13164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 216
        12⤵
        
        PID:11840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 216
        11⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
        10⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
        9⤵
        Program crash
        
        PID:3912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 236
        8⤵
        Program crash
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63423.exe
        7⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23764.exe
        8⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55253.exe
        9⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53053.exe
        10⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48212.exe
        11⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56050.exe
        12⤵
        
        PID:12776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
        12⤵
        
        PID:13300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
        11⤵
        
        PID:9392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
        10⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 216
        9⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19051.exe
        8⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
        9⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14496.exe
        10⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35069.exe
        11⤵
        
        PID:11000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 236
        11⤵
        
        PID:12348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
        10⤵
        
        PID:9180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
        9⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 240
        8⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
        7⤵
        Program crash
        
        PID:1268
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35591.exe
      4⤵
      Executes dropped EXE
      PID:2716
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28689.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28689.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63625.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3921.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34529.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12001.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34088.exe
        9⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10608.exe
        10⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2451.exe
        11⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32618.exe
        12⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46358.exe
        13⤵
        
        PID:10896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 216
        13⤵
        
        PID:12012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
        12⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
        11⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 236
        10⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61267.exe
        9⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55253.exe
        10⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2420.exe
        11⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30239.exe
        12⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35855.exe
        13⤵
        
        PID:10916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 216
        12⤵
        
        PID:9624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
        11⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 216
        10⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 240
        9⤵
        Program crash
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38918.exe
        8⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56244.exe
        9⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31133.exe
        10⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15694.exe
        11⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45122.exe
        12⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62350.exe
        13⤵
        
        PID:13048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7344 -s 236
        13⤵
        
        PID:13016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        11⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 236
        10⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52300.exe
        9⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51927.exe
        10⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34512.exe
        11⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5984.exe
        12⤵
        
        PID:11212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 216
        12⤵
        
        PID:12164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
        11⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
        10⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
        9⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 240
        8⤵
        Program crash
        
        PID:2904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 236
        7⤵
        Program crash
        
        PID:1264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22831.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61202.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33896.exe
        8⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32124.exe
        9⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48512.exe
        10⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56073.exe
        11⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2830.exe
        12⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5574.exe
        13⤵
        
        PID:10316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 216
        13⤵
        
        PID:11060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 236
        12⤵
        
        PID:4696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 236
        11⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18911.exe
        10⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39250.exe
        11⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32850.exe
        12⤵
        
        PID:10720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 236
        12⤵
        
        PID:11492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
        11⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 240
        10⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53343.exe
        9⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59436.exe
        10⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15898.exe
        11⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15522.exe
        12⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exe
        13⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 236
        12⤵
        
        PID:11960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 236
        11⤵
        
        PID:8844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
        10⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 240
        9⤵
        Program crash
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28594.exe
        8⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39109.exe
        9⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3001.exe
        10⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30667.exe
        11⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5792.exe
        12⤵
        
        PID:11148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7760 -s 216
        12⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 216
        11⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 236
        10⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 236
        9⤵
        
        PID:4188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 240
        8⤵
        Program crash
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13153.exe
        7⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
        8⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57557.exe
        9⤵
        
        PID:3732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 220
        10⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14874.exe
        9⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40402.exe
        10⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41101.exe
        11⤵
        
        PID:11020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 216
        11⤵
        
        PID:11760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
        10⤵
        
        PID:8828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
        9⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53151.exe
        8⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38393.exe
        9⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47418.exe
        10⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31864.exe
        11⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8015.exe
        12⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11052 -s 216
        12⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 216
        11⤵
        
        PID:11768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
        10⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 236
        9⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 220
        8⤵
        Program crash
        
        PID:3612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
        7⤵
        Program crash
        
        PID:2356
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
        6⤵
        Program crash
        
        PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31990.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50865.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23542.exe
        7⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1096.exe
        8⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3208.exe
        8⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22825.exe
        9⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        10⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65439.exe
        11⤵
        
        PID:10472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 236
        11⤵
        
        PID:11324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 236
        10⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 236
        9⤵
        
        PID:5524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 236
        7⤵
        Program crash
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-496.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11599.exe
        7⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5694.exe
        8⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13146.exe
        9⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48601.exe
        10⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18003.exe
        11⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64834.exe
        12⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10216 -s 236
        12⤵
        
        PID:9404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 216
        11⤵
        
        PID:10676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 236
        10⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 236
        9⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11236.exe
        8⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26868.exe
        9⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21527.exe
        10⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
        10⤵
        
        PID:11016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 216
        9⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
        8⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 236
        7⤵
        Program crash
        
        PID:3620
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
        6⤵
        Program crash
        
        PID:2476
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
        5⤵
        Program crash
        
        PID:2008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42619.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59225.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53034.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8514.exe
        8⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
        9⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55637.exe
        10⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63058.exe
        11⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6520.exe
        12⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61729.exe
        13⤵
        
        PID:10484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 236
        13⤵
        
        PID:12208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
        12⤵
        
        PID:8296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 236
        11⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 236
        10⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3099.exe
        9⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25581.exe
        10⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44655.exe
        11⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14327.exe
        12⤵
        
        PID:12932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 216
        12⤵
        
        PID:12740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 216
        11⤵
        
        PID:9568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
        10⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 240
        9⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45808.exe
        8⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31325.exe
        9⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11086.exe
        10⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17792.exe
        11⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64806.exe
        12⤵
        
        PID:11032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7200 -s 216
        12⤵
        
        PID:12080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 236
        11⤵
        
        PID:9204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
        10⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 216
        9⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
        8⤵
        Program crash
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5177.exe
        7⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15595.exe
        8⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
        9⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12020.exe
        10⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13051.exe
        11⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53535.exe
        12⤵
        
        PID:10732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 236
        12⤵
        
        PID:12060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
        11⤵
        
        PID:9384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
        10⤵
        
        PID:7032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 216
        9⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19051.exe
        8⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2036.exe
        9⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-189.exe
        10⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43730.exe
        11⤵
        
        PID:11168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 236
        11⤵
        
        PID:12320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
        10⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
        9⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
        8⤵
        
        PID:4700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 220
        7⤵
        Program crash
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58784.exe
        7⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40292.exe
        8⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55829.exe
        9⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-209.exe
        10⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59476.exe
        11⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33625.exe
        12⤵
        
        PID:12848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9240 -s 216
        12⤵
        
        PID:13212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
        11⤵
        
        PID:10344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 216
        10⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 236
        9⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3291.exe
        8⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59405.exe
        9⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3622.exe
        10⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22975.exe
        11⤵
        
        PID:10352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 216
        11⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 216
        10⤵
        
        PID:9552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
        9⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
        8⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
        7⤵
        Program crash
        
        PID:3748
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 240
        6⤵
        Program crash
        
        PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39359.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53034.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34088.exe
        7⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        8⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22965.exe
        9⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2420.exe
        10⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5075.exe
        11⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60949.exe
        12⤵
        
        PID:12828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 216
        12⤵
        
        PID:12484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 216
        11⤵
        
        PID:9452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
        10⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 236
        9⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 236
        8⤵
        Program crash
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61075.exe
        7⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6052.exe
        8⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43754.exe
        9⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61676.exe
        10⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37391.exe
        11⤵
        
        PID:11232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 216
        11⤵
        
        PID:12036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
        10⤵
        
        PID:9516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
        9⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 236
        8⤵
        
        PID:4704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
        7⤵
        Program crash
        
        PID:3716
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 216
        6⤵
        Program crash
        
        PID:1796
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
        5⤵
        Program crash
        
        PID:1524
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:688
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2808
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12104.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12104.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43567.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43567.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51472.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28369.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43631.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39633.exe
        9⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4625.exe
        10⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57417.exe
        11⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        12⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9121.exe
        13⤵
        
        PID:11628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 236
        13⤵
        
        PID:12520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 216
        12⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
        11⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 236
        10⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58465.exe
        9⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20246.exe
        10⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25742.exe
        11⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61064.exe
        12⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7299.exe
        13⤵
        
        PID:8212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
        12⤵
        
        PID:10544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
        11⤵
        
        PID:7244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
        10⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
        9⤵
        Program crash
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20151.exe
        8⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22690.exe
        9⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
        10⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16775.exe
        11⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32466.exe
        12⤵
        
        PID:10628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 216
        12⤵
        
        PID:11280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
        11⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
        10⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 236
        9⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 220
        8⤵
        Program crash
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39302.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41745.exe
        8⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65450.exe
        9⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52887.exe
        10⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40568.exe
        11⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16597.exe
        12⤵
        
        PID:10904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 236
        12⤵
        
        PID:11684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 236
        11⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 236
        10⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 236
        9⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61044.exe
        8⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52311.exe
        9⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34704.exe
        10⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16597.exe
        11⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56256.exe
        12⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10928 -s 216
        12⤵
        
        PID:9684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 216
        11⤵
        
        PID:11664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 216
        10⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 236
        9⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
        8⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
        7⤵
        Program crash
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49998.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1991.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58465.exe
        8⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15564.exe
        9⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51927.exe
        10⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57890.exe
        11⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47811.exe
        12⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1778.exe
        13⤵
        
        PID:9436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 216
        12⤵
        
        PID:12004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 216
        11⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        10⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
        9⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20203.exe
        8⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2259.exe
        9⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32618.exe
        10⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21304.exe
        11⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42349.exe
        12⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 216
        11⤵
        
        PID:11796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 236
        10⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 236
        9⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
        8⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 236
        7⤵
        Program crash
        
        PID:3452
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 240
        6⤵
        Program crash
        
        PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8503.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35271.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16408.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38481.exe
        8⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6078.exe
        9⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28139.exe
        10⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51512.exe
        11⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38791.exe
        12⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21138.exe
        13⤵
        
        PID:10736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 216
        13⤵
        
        PID:12292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
        12⤵
        
        PID:9704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
        11⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 236
        10⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
        9⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51211.exe
        10⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64914.exe
        11⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21138.exe
        12⤵
        
        PID:10608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8492 -s 216
        12⤵
        
        PID:12300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 216
        11⤵
        
        PID:9932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
        10⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
        9⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2549.exe
        8⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28139.exe
        9⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59571.exe
        10⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56938.exe
        11⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18978.exe
        12⤵
        
        PID:13200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8528 -s 236
        12⤵
        
        PID:12696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
        11⤵
        
        PID:9940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
        10⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
        9⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
        8⤵
        Program crash
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62253.exe
        7⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38943.exe
        8⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24002.exe
        9⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57506.exe
        10⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 240
        11⤵
        
        PID:11180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 236
        10⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 236
        9⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42865.exe
        8⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59763.exe
        9⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14452.exe
        10⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2615.exe
        11⤵
        
        PID:12400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8752 -s 216
        11⤵
        
        PID:12920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
        10⤵
        
        PID:10032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 216
        9⤵
        
        PID:7916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
        8⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
        7⤵
        Program crash
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62079.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47718.exe
        7⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38751.exe
        8⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38227.exe
        9⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1735.exe
        10⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56554.exe
        11⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10425.exe
        12⤵
        
        PID:13172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8448 -s 236
        12⤵
        
        PID:12644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 216
        11⤵
        
        PID:9916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
        10⤵
        
        PID:7832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
        9⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42865.exe
        8⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51595.exe
        9⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26944.exe
        10⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24177.exe
        11⤵
        
        PID:12560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8948 -s 236
        11⤵
        
        PID:13140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
        10⤵
        
        PID:10172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
        9⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
        8⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27053.exe
        7⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21891.exe
        8⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59955.exe
        9⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
        10⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25016.exe
        11⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8976 -s 216
        11⤵
        
        PID:13192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
        10⤵
        
        PID:9236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
        9⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 236
        8⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 240
        7⤵
        Program crash
        
        PID:3400
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 240
        6⤵
        Program crash
        
        PID:2404
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 240
        5⤵
        Program crash
        
        PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39774.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36729.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18935.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-71.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-71.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62912.exe
        7⤵
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63914.exe
        8⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38777.exe
        9⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14553.exe
        10⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63213.exe
        11⤵
        
        PID:11080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 216
        11⤵
        
        PID:11788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 216
        10⤵
        
        PID:8592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 236
        9⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 472 -s 236
        8⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 240
        7⤵
        Program crash
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6438.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15128.exe
        7⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46535.exe
        8⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38803.exe
        9⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11221.exe
        10⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2190.exe
        11⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42177.exe
        12⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20578.exe
        12⤵
        
        PID:13168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
        13⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13168 -s 236
        13⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9336 -s 220
        12⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 216
        11⤵
        
        PID:10564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
        10⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 236
        9⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        8⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58606.exe
        9⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1666.exe
        10⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58482.exe
        11⤵
        
        PID:12424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9260 -s 236
        11⤵
        
        PID:9348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 236
        10⤵
        
        PID:10688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
        9⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
        8⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34837.exe
        7⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38118.exe
        8⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58388.exe
        9⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22871.exe
        10⤵
        
        PID:10060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 216
        10⤵
        
        PID:10992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 236
        8⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 240
        7⤵
        Program crash
        
        PID:3088
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
        6⤵
        Program crash
        
        PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7429.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59168.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41745.exe
        7⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30858.exe
        8⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37236.exe
        9⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36182.exe
        10⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37033.exe
        11⤵
        
        PID:10196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 236
        11⤵
        
        PID:12200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
        10⤵
        
        PID:8628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
        9⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 236
        8⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19819.exe
        7⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54039.exe
        8⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        9⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46742.exe
        10⤵
        
        PID:10976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 216
        10⤵
        
        PID:12044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 216
        9⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 236
        8⤵
        
        PID:6900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 220
        7⤵
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe
        6⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47962.exe
        7⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
        8⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25218.exe
        9⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47541.exe
        10⤵
        
        PID:10864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 216
        10⤵
        
        PID:11644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 236
        9⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 236
        8⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 236
        7⤵
        
        PID:4992
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
        6⤵
        Program crash
        
        PID:3268
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
        5⤵
        Program crash
        
        PID:1968
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 240
      4⤵
      Program crash
      PID:1596
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 216
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1724
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
  2⤵
  - Program crash
  PID:2664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14327.exe

Filesize
184KB

MD5
82277e77fe5d3124f148de2195c8147b

SHA1
2c5960ae077fd489a79f8b5e4ddb8a7376f1f7fc

SHA256
aeba37bcdc0066f3594f89a534820aa07f631de8715879e6915119a0b8dbe01a

SHA512
e649d187a68a46d351391ea158832ac97b5870bf27995b238af0f44b0fe2275a3f821f76e03d1463c8cba8516727cfe21e218a7ab64cfadec2ac4c695803b48d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37391.exe

Filesize
184KB

MD5
2ccffe88d4d25e965b3f877575957876

SHA1
9f400e6c3c113ee5b4586d7fdb20c04c244cc5db

SHA256
b9da9e077f78742c356e8049f17059d3f77d7faed5a72f726a9b9af56303eba4

SHA512
211b0e8dbd8c51aaa0b7fb19aab69ff96d95c00e7c0a811147e560271e5fe1b9591848b42344821a2135418ef0ffac5feeae535ca208afeb56899c06f1993ab4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39774.exe

Filesize
184KB

MD5
46184ee49e3d760531f78395f3b8d771

SHA1
0b6f3b573f3fd14231f141e0f770d8e971cdc0f8

SHA256
28d2ceaaf7853875528ebe7819409d7ed4daa894b414ae1273bf672b6feea556

SHA512
fe94a380a027cdd54ae596808a97cb2fb54da7e6d918dfecde255bc10f97ff5d624db971c3db5b2bc4f48a031584ddc6a3657101c479e42290ee7e1ae0315849

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45122.exe

Filesize
184KB

MD5
9f2f872f042ce24f9c899adbd2a32908

SHA1
d7fc3f6dc0dd1c791d6782dc98890e223fb37919

SHA256
5a9ec6aca89ff03700fe84f2cd7995733a0e9fd85465d956088b5a062f140406

SHA512
bd8aa6f90978ec78b0e54590216dea50a0bddb2f0ec46c023a85ce227c569b859ddc4e03becfa116677fa01de452b2bc903bdfe74149e97abc8ad5433614df0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54743.exe

Filesize
184KB

MD5
d76ebed14f6ed733c427e140145ca9ab

SHA1
0f9c3649186a4888652d5d11aaf397ee2f36f89c

SHA256
ea4d18ccd6b5f21a4c49e73430bf7e95f2db0f0eaeb6bc1a981595545d3a6713

SHA512
0d02211d9fd92d5eabe7851e8f34813546300f1ccd9c6d17cbdd77d0b93ee1376f0d59a020de68aef2114cb79ab72d1d63f4fea8363c9387ef7e2d317ef4d938

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5574.exe

Filesize
184KB

MD5
5d21c6538e8acbd855939f17be3697df

SHA1
709fa624c404655949cca4d222272d5555ab9871

SHA256
a936d55323c9fca86da0a84a240e1d44a0f21eba017988f8522b9780215d614d

SHA512
a92ddd8d6d54a59aff698b32eb76b8122413add2b11f2a79da973b99596c0e0fa6c1401195d85971b20da232e55b38bae75112140219c2dff44ca0c66732896c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55829.exe

Filesize
184KB

MD5
450f3bb0e5c26a31df4b8832b0c70ca7

SHA1
75ae7ef52b12e850cc1a8d1368f1a6d8dc44e13f

SHA256
9beb1e10edcf9e856a21087b0a9b4ec798726a22124a80951aab5da281b8a1d3

SHA512
e1940a285bd80fb4355aa14e2f7909f6bd51436e3d800a203bfd5339ea66f1052d7fda3f9ea668a8a4a8404ef0c90bbf4b217dc7506c2b08163620295a6e909e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5694.exe

Filesize
184KB

MD5
143bfc3d1e29c19d6cbb7d6bb0795bd0

SHA1
1338877314083f6ec4bd772373f53880e949fb71

SHA256
c88a10763470e26b5c6d04ee11d6ec183fc6c47dbefa8bc93c22f75f53b8fe93

SHA512
254cdfd7bf85a3b6f2bc5dd915308222e2132e3f44e7806aa5ea0633d669c23e76ccf013e1972fa4087be71e43ae186ab13940eefd6c65e35b6f4bfb1293db61

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6052.exe

Filesize
184KB

MD5
92b541c3da57f7ecf895edc797348b0b

SHA1
8dd1a11e7755ca316a43bde2b4c0696a2b9239ea

SHA256
ca56dda6875d6becb2bc138bde937daada8399f99b98576be307743c5a1ef53f

SHA512
c01b1c5b2de5685e3aaf6b9a700743b840bb11f05edb83476c44029ea021ef35358c8d5c49676861478dd74eb6df0dc44e44ab88af9c13b533750328cd01dfbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6078.exe

Filesize
184KB

MD5
2148fcda71caac74785d161a7dc4e2be

SHA1
b2c5cd104a1435e4cbd17adefd979ba993ca182e

SHA256
bba6d6d2cb828d987ca46f367bd50f4be9c956929ed6fc96125e127d285b75de

SHA512
0647b18820373c6157b3d6f50e61c172fbbfd5bdd11fc2d5b7b682626b18f979a37b1182d97aba49b200e189060a76cf682ebbf19ea2cb3f6e9fc59b14a9fad4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6244.exe

Filesize
184KB

MD5
b6b2b5c71adbd6222cf633274c520172

SHA1
6da813a19e599990618704fe7a958f2602b5f046

SHA256
2fc41ef6a9e177f5ca2ed71f76c987b16cd0a15f279a965bd577aa091af0487a

SHA512
55a5ad870f1da6c786b2638f59da3ab0eca72cd742dedc1f93ff3edb313cfec17b9a4da5e11d264da323cce688e00d180fd93a0cf684aae82566afb10c37850f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63625.exe

Filesize
184KB

MD5
473d1d124c201a21bda3fcc2d531542b

SHA1
ab47847ba2b53d50b4eeaf2eda8da9b4b3de1ba1

SHA256
aa89fd71ec99ae8609504eee6e1f593f586c3bdeae8606f4489d6ec8aa6c7883

SHA512
86be66da6f4e11707cb1bf5160a3321599c04d3fc0e12e980f167b4153261824915c59b1015f37a9b385ebd1f624fb35a2163a1db211b81bc675b9bcd12d17e5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12104.exe

Filesize
184KB

MD5
d33726cda842a39803a5a29c34d4ffbc

SHA1
994ee15e38c5b9874f277dca7b011d5bea446a1b

SHA256
add892042efdf0254b3982662705643d63d51d4e6195a404e59efc2fc32a8445

SHA512
f75ee96593ee502f291347127ea9d62fd677f81b25777351d69fec4a357924b48f4f80388c1771af048bc76897ba5c879150c2d1c1e0854844553e1d270a3932

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16728.exe

Filesize
184KB

MD5
63033a154b2a04ea5ea5bbfb30fc10eb

SHA1
de4b984c97ed9e5a5660021ecfa7884a27a5c6dd

SHA256
c5997a91cdcc03c3c9f6dee11971bee648532280c403b0679a0e2641cc32ac77

SHA512
265c7e2ccbc32deacc5b10193fe28e45bd1caee93f6a78832a5bd9d7b5f0e6998aea712c33ccce4cb9e91aa71f4f27f45714057e83a2db0e73dc59f41343099a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28689.exe

Filesize
184KB

MD5
4737fa9af39d5af752d10d4f1428fd2c

SHA1
122726a57f402ae12865ef726c3ffafe39417e41

SHA256
83b192f6bf5fa5ef57e8dce0ad004dd9f1c4edd7758573d35f90648b399360a4

SHA512
1219da60fd2517b6f942a954a5760554fdb0ceb714b57176e1fc9eb8e989f0b53e17d7759a3d3eaf68ae7ae3713076f466ec06174fc162ced1812383e13d270f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31970.exe

Filesize
184KB

MD5
fcd1f80affdf968919f7f7a0bc944d4e

SHA1
7523bb3a85d6bb4a4bde5ce1eaa87baf97bc793d

SHA256
37cf2f7f2c2ab3a29ad4fd4e07b7acac2777b61fdbf9f72951c5437e11190210

SHA512
ce13c8ba1931a949b129d994ab3222474f10279e2eb767a97a25d3a5ac178372551d874dd294d06bb636f9bf6068d2f3a966d5b02f13e1102e86d2bf07729ac6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33428.exe

Filesize
184KB

MD5
74c980973c05314d4dee0cfb9d0848e6

SHA1
b2df50c0db7a18e495fa99dc50c8815a92a04a08

SHA256
aafac05818de6936442e066e61deea27f97df5bf6e03ac899d304ef7782c80c5

SHA512
4e652b37f40c993f3fdb240074aa623e968176d56c06c7739d331559ee47617a1a56c0528425216df8051bf9a29e89d85340c2f43f83c558e365217ee2ff7b18

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35591.exe

Filesize
184KB

MD5
209c16c8102231a1d71ffdd945ce2533

SHA1
5ebeb085be71e038afe7da0737529de182f2e076

SHA256
bb370ab6aa4ac133f9561d888259a95839f17ec0978e6f68889c3f768c2fa6b0

SHA512
ed419e60d84cd5cff16bebf12e39008c2d81ebc9cba718a336cea5a7a1ead61a5d6cfacc9ef94c4ce26c0f7ea412eab6cc9819f0198bcddd5ec43e2ec6932ab3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36594.exe

Filesize
184KB

MD5
d9e02cf17acd6205bbf3c08b250637d8

SHA1
2913847777954daa1c55209da007b52385a71a55

SHA256
0e4ee2d75fe1eb705ad594bb28a6717ab6c1bee7ed95173ad6bdd023fa05ed0a

SHA512
49856e7b6a56cbd8fa46665d4c3aa7fa5906e538656aa047f8a595ed736cf29346e89b0cc5eef5b6dfbc7a2aa3b88c39673bb49e620e2f35d34908a100844e68

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3921.exe

Filesize
184KB

MD5
f05a4c8ca39626151328ef7c8d4e207b

SHA1
e347b8f1f78c35f9dcd82e3c8b6a9934241eca58

SHA256
cbe6f083fd181e407848704efe88ad046701ad61e5b5db09059e583d25317deb

SHA512
d98ccf361073841988aa3a07aad4ef27b837ee8293bd9e5ef7b448108e7235a74c58907b2bfd5a993227efb142187f7b7b6070ee4d8598d3826b5de30229e7c9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40387.exe

Filesize
184KB

MD5
b4598755a1d9c2391ab30cfc17b1fc5b

SHA1
c324f993aeedfa9034ce4666f9994b2eede78ea0

SHA256
2a774b8c367b0d65e01c7e5151dd0189a2a4fb41f0b34945ca7185ea5123e3d7

SHA512
e7855ba64f8b4b052d3c192bb409967344acdf5a4972c992e2369d0fd07ef8af208862f58165fe030ae84e4b675def9864700bba55b8313b076b6a490328cbaa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43567.exe

Filesize
184KB

MD5
082cdffa8ce427f1e9c957440aa078a6

SHA1
bc00a9fff6949b6f7e8c93185f1c44984ddb9f0e

SHA256
debd79c30fabcacabe9bf731e35e3b2670101f8245a600148077c4b01aea521d

SHA512
b890ceda57cac9d2f1a735b145f4755beebaaa1bf99e1dc1a71f3f00b4f1db9e27efd03e84b3df98cd933cf536008f820ab94d8718d9ae443d966be9027e8678

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe

Filesize
184KB

MD5
0e2201ce88154745d11ddcfb061cfe93

SHA1
81c6c5ca70f4081a09d6ae885ca2bc67054a13ff

SHA256
05b274d6ea57383dc3d92e53c928b91cf7f44e0dc1be005ea7937cb80e7c5f05

SHA512
54a99749dab572fd682e80a821e7f35ea3659bfb1afc037e8b97818e3d138ea0bff7ceb54c6ec5327b6aa8e1e4f82594e6f7107e6ffb92780d4f48e4649da496

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47289.exe

Filesize
184KB

MD5
b081159899ee9cf61dc47d2223dbccef

SHA1
a5e18177589829f04de6c8006cf692fbaab89e8c

SHA256
3cc0609494dda8411c0b8a24c8972def62cf66e9ffa80916f679cd600d5e7807

SHA512
5b324ec6d7c29fcfd36e5fefaf835c1bbf66564ffedbaffd66f1870dd696603d7ea051b2c574eca133f3073d2e4e556d1ba92a19f883ccbc44dd2d6d497376da

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe

Filesize
184KB

MD5
74af436ae4b53af5950992fb3ff89a23

SHA1
3389117f16edc27f6b0a2af15aad5e9ce027d90a

SHA256
441a8effc17ee3757e6714abbb194c3d1cf42b1f96d89d01a34223c28691026a

SHA512
15f47d514f983b66b32018b3ec2108ca7bf2e21226ec9d7502c4dcbbee81f1734449802650dab0932bfc07272fe57504201f5b6345695bf3ecf461feb0c1df01

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads