bd9fd6bf83ad34739a3e8f908f97a7ec04ca9472a011f375ab819903636cc5f2

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
02/06/2024, 00:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

161470c0d2212ae648de93c368f4e2d0_NeikiAnalytics.exe
Size

184KB
MD5

161470c0d2212ae648de93c368f4e2d0
SHA1

0945492b17d940444b59892b2350624d476d99b5
SHA256

bd9fd6bf83ad34739a3e8f908f97a7ec04ca9472a011f375ab819903636cc5f2
SHA512

b5eb6119125314abe395d469ea6317aa853d893497d6e18caee006eb7ec66895f9b7c058fb4ce5ec88e6689164c27e5da32fa65ed44a5a2e2135fa25e59a7c10
SSDEEP

1536:VBSJ6jZ5u3J8oqx1A4hAKawgFM9yvZc86mddlw0R2YBetKhl5hj5nizpvH:/3e3J8oGi4hqBFaWe+w0RFsKhlnViFP

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2252	Unicorn-52095.exe
2288	Unicorn-31750.exe
3004	Unicorn-21082.exe
2476	Unicorn-3181.exe
2472	Unicorn-40836.exe
2868	Unicorn-38856.exe
1612	Unicorn-62251.exe
2692	Unicorn-50876.exe
2740	Unicorn-12427.exe
1828	Unicorn-53295.exe
1348	Unicorn-521.exe
2224	Unicorn-55389.exe
2108	Unicorn-17542.exe
2116	Unicorn-21347.exe
1952	Unicorn-37408.exe
616	Unicorn-17098.exe
588	Unicorn-27766.exe
3024	Unicorn-4160.exe
3056	Unicorn-43460.exe
2052	Unicorn-40615.exe
1760	Unicorn-60481.exe
1960	Unicorn-13501.exe
1316	Unicorn-44036.exe
1404	Unicorn-59173.exe
312	Unicorn-10657.exe
1732	Unicorn-46001.exe
840	Unicorn-44693.exe
2008	Unicorn-64558.exe
2780	Unicorn-19115.exe
2364	Unicorn-8590.exe
2932	Unicorn-48549.exe
2568	Unicorn-48035.exe
2612	Unicorn-10744.exe
2664	Unicorn-57724.exe
2484	Unicorn-38818.exe
2444	Unicorn-27766.exe
2688	Unicorn-27766.exe
1724	Unicorn-10168.exe
1748	Unicorn-20837.exe
1268	Unicorn-31798.exe
2436	Unicorn-28953.exe
2280	Unicorn-34261.exe
2248	Unicorn-35221.exe
884	Unicorn-34898.exe
1660	Unicorn-35247.exe
636	Unicorn-32402.exe
2204	Unicorn-45548.exe
2128	Unicorn-45548.exe
2824	Unicorn-6165.exe
552	Unicorn-17702.exe
644	Unicorn-44240.exe
1460	Unicorn-16166.exe
1528	Unicorn-8485.exe
836	Unicorn-39107.exe
744	Unicorn-24931.exe
916	Unicorn-39683.exe
800	Unicorn-49108.exe
352	Unicorn-34499.exe
2536	Unicorn-54941.exe
1292	Unicorn-41428.exe
2372	Unicorn-2045.exe
2456	Unicorn-4313.exe
2636	Unicorn-22871.exe
2672	Unicorn-57489.exe

Loads dropped DLL 64 IoCs

pid	Process
1984	161470c0d2212ae648de93c368f4e2d0_NeikiAnalytics.exe
1984	161470c0d2212ae648de93c368f4e2d0_NeikiAnalytics.exe
1984	161470c0d2212ae648de93c368f4e2d0_NeikiAnalytics.exe
2252	Unicorn-52095.exe
2252	Unicorn-52095.exe
1984	161470c0d2212ae648de93c368f4e2d0_NeikiAnalytics.exe
3004	Unicorn-21082.exe
2252	Unicorn-52095.exe
2252	Unicorn-52095.exe
3004	Unicorn-21082.exe
2528	WerFault.exe
2528	WerFault.exe
2528	WerFault.exe
2528	WerFault.exe
2528	WerFault.exe
2288	Unicorn-31750.exe
2288	Unicorn-31750.exe
2476	Unicorn-3181.exe
2476	Unicorn-3181.exe
2472	Unicorn-40836.exe
2472	Unicorn-40836.exe
3004	Unicorn-21082.exe
3004	Unicorn-21082.exe
2352	WerFault.exe
2352	WerFault.exe
2352	WerFault.exe
2352	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
2352	WerFault.exe
2868	Unicorn-38856.exe
2868	Unicorn-38856.exe
1612	Unicorn-62251.exe
2476	Unicorn-3181.exe
1612	Unicorn-62251.exe
2476	Unicorn-3181.exe
2740	Unicorn-12427.exe
2472	Unicorn-40836.exe
2692	Unicorn-50876.exe
2472	Unicorn-40836.exe
2740	Unicorn-12427.exe
2692	Unicorn-50876.exe
684	WerFault.exe
684	WerFault.exe
684	WerFault.exe
684	WerFault.exe
684	WerFault.exe
1052	WerFault.exe
1052	WerFault.exe
1052	WerFault.exe
1052	WerFault.exe
1052	WerFault.exe
1828	Unicorn-53295.exe
1828	Unicorn-53295.exe
2868	Unicorn-38856.exe
2868	Unicorn-38856.exe
1348	Unicorn-521.exe
1348	Unicorn-521.exe
1952	Unicorn-37408.exe
1952	Unicorn-37408.exe
2692	Unicorn-50876.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2680	1984	WerFault.exe	27
2528	2252	WerFault.exe	28
1808	3004	WerFault.exe	29
2352	2288	WerFault.exe	30
684	2476	WerFault.exe	33
1052	2472	WerFault.exe	32
2020	2868	WerFault.exe	35
2900	1612	WerFault.exe	36
1340	2692	WerFault.exe	37
2832	2740	WerFault.exe	38
2236	1828	WerFault.exe	41
892	1348	WerFault.exe	43
2272	1952	WerFault.exe	46
2144	2108	WerFault.exe	45
2096	2116	WerFault.exe	44
540	2224	WerFault.exe	42
2420	616	WerFault.exe	49
1536	588	WerFault.exe	50
1512	3024	WerFault.exe	51
2804	3056	WerFault.exe	52
2148	2052	WerFault.exe	53
2896	1960	WerFault.exe	55
2964	1760	WerFault.exe	54
2888	312	WerFault.exe	58
2508	1404	WerFault.exe	56
1764	1316	WerFault.exe	57
2524	352	WerFault.exe	101
1868	840	WerFault.exe	61
2396	1732	WerFault.exe	60
2448	2008	WerFault.exe	62
1728	2780	WerFault.exe	66
1820	1748	WerFault.exe	76
1060	2364	WerFault.exe	67
2184	2688	WerFault.exe	74
936	2484	WerFault.exe	72
2460	2436	WerFault.exe	78
3152	2568	WerFault.exe	69
3168	1724	WerFault.exe	75
3212	2664	WerFault.exe	71
3236	1268	WerFault.exe	77
3308	2932	WerFault.exe	68
3336	2444	WerFault.exe	73
3396	2612	WerFault.exe	70
3476	2128	WerFault.exe	87
3484	2824	WerFault.exe	90
3508	884	WerFault.exe	82
3568	744	WerFault.exe	98
3616	836	WerFault.exe	97
3724	1460	WerFault.exe	95
3808	552	WerFault.exe	93
3868	2672	WerFault.exe	107
3904	2636	WerFault.exe	106
3912	2280	WerFault.exe	80
3952	2676	WerFault.exe	108
3960	2536	WerFault.exe	102
4012	2248	WerFault.exe	81
4056	2372	WerFault.exe	104
3112	2456	WerFault.exe	105
3136	644	WerFault.exe	94
3176	1292	WerFault.exe	103
3196	916	WerFault.exe	99
3264	800	WerFault.exe	100
3656	1028	WerFault.exe	112
3764	2748	WerFault.exe	111

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1984	161470c0d2212ae648de93c368f4e2d0_NeikiAnalytics.exe
2252	Unicorn-52095.exe
2288	Unicorn-31750.exe
3004	Unicorn-21082.exe
2476	Unicorn-3181.exe
2472	Unicorn-40836.exe
2868	Unicorn-38856.exe
1612	Unicorn-62251.exe
2692	Unicorn-50876.exe
2740	Unicorn-12427.exe
1828	Unicorn-53295.exe
1348	Unicorn-521.exe
2108	Unicorn-17542.exe
2224	Unicorn-55389.exe
1952	Unicorn-37408.exe
2116	Unicorn-21347.exe
616	Unicorn-17098.exe
588	Unicorn-27766.exe
3024	Unicorn-4160.exe
3056	Unicorn-43460.exe
2052	Unicorn-40615.exe
1960	Unicorn-13501.exe
1316	Unicorn-44036.exe
1760	Unicorn-60481.exe
312	Unicorn-10657.exe
1404	Unicorn-59173.exe
1732	Unicorn-46001.exe
840	Unicorn-44693.exe
2008	Unicorn-64558.exe
2780	Unicorn-19115.exe
2364	Unicorn-8590.exe
2932	Unicorn-48549.exe
2568	Unicorn-48035.exe
2612	Unicorn-10744.exe
2664	Unicorn-57724.exe
2444	Unicorn-27766.exe
2484	Unicorn-38818.exe
2688	Unicorn-27766.exe
1724	Unicorn-10168.exe
1748	Unicorn-20837.exe
1268	Unicorn-31798.exe
2436	Unicorn-28953.exe
2280	Unicorn-34261.exe
2248	Unicorn-35221.exe
884	Unicorn-34898.exe
1660	Unicorn-35247.exe
636	Unicorn-32402.exe
2204	Unicorn-45548.exe
2128	Unicorn-45548.exe
2824	Unicorn-6165.exe
552	Unicorn-17702.exe
644	Unicorn-44240.exe
1460	Unicorn-16166.exe
1528	Unicorn-8485.exe
836	Unicorn-39107.exe
744	Unicorn-24931.exe
916	Unicorn-39683.exe
800	Unicorn-49108.exe
352	Unicorn-34499.exe
2536	Unicorn-54941.exe
1292	Unicorn-41428.exe
2372	Unicorn-2045.exe
2456	Unicorn-4313.exe
2636	Unicorn-22871.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 2252	1984	161470c0d2212ae648de93c368f4e2d0_NeikiAnalytics.exe	28
PID 1984 wrote to memory of 2252	1984	161470c0d2212ae648de93c368f4e2d0_NeikiAnalytics.exe	28
PID 1984 wrote to memory of 2252	1984	161470c0d2212ae648de93c368f4e2d0_NeikiAnalytics.exe	28
PID 1984 wrote to memory of 2252	1984	161470c0d2212ae648de93c368f4e2d0_NeikiAnalytics.exe	28
PID 1984 wrote to memory of 2288	1984	161470c0d2212ae648de93c368f4e2d0_NeikiAnalytics.exe	30
PID 1984 wrote to memory of 2288	1984	161470c0d2212ae648de93c368f4e2d0_NeikiAnalytics.exe	30
PID 2252 wrote to memory of 3004	2252	Unicorn-52095.exe	29
PID 1984 wrote to memory of 2288	1984	161470c0d2212ae648de93c368f4e2d0_NeikiAnalytics.exe	30
PID 1984 wrote to memory of 2288	1984	161470c0d2212ae648de93c368f4e2d0_NeikiAnalytics.exe	30
PID 2252 wrote to memory of 3004	2252	Unicorn-52095.exe	29
PID 2252 wrote to memory of 3004	2252	Unicorn-52095.exe	29
PID 2252 wrote to memory of 3004	2252	Unicorn-52095.exe	29
PID 1984 wrote to memory of 2680	1984	161470c0d2212ae648de93c368f4e2d0_NeikiAnalytics.exe	31
PID 1984 wrote to memory of 2680	1984	161470c0d2212ae648de93c368f4e2d0_NeikiAnalytics.exe	31
PID 1984 wrote to memory of 2680	1984	161470c0d2212ae648de93c368f4e2d0_NeikiAnalytics.exe	31
PID 1984 wrote to memory of 2680	1984	161470c0d2212ae648de93c368f4e2d0_NeikiAnalytics.exe	31
PID 2252 wrote to memory of 2476	2252	Unicorn-52095.exe	33
PID 2252 wrote to memory of 2476	2252	Unicorn-52095.exe	33
PID 2252 wrote to memory of 2476	2252	Unicorn-52095.exe	33
PID 2252 wrote to memory of 2476	2252	Unicorn-52095.exe	33
PID 3004 wrote to memory of 2472	3004	Unicorn-21082.exe	32
PID 3004 wrote to memory of 2472	3004	Unicorn-21082.exe	32
PID 3004 wrote to memory of 2472	3004	Unicorn-21082.exe	32
PID 3004 wrote to memory of 2472	3004	Unicorn-21082.exe	32
PID 2252 wrote to memory of 2528	2252	Unicorn-52095.exe	34
PID 2252 wrote to memory of 2528	2252	Unicorn-52095.exe	34
PID 2252 wrote to memory of 2528	2252	Unicorn-52095.exe	34
PID 2252 wrote to memory of 2528	2252	Unicorn-52095.exe	34
PID 2288 wrote to memory of 2868	2288	Unicorn-31750.exe	35
PID 2288 wrote to memory of 2868	2288	Unicorn-31750.exe	35
PID 2288 wrote to memory of 2868	2288	Unicorn-31750.exe	35
PID 2288 wrote to memory of 2868	2288	Unicorn-31750.exe	35
PID 2476 wrote to memory of 1612	2476	Unicorn-3181.exe	36
PID 2476 wrote to memory of 1612	2476	Unicorn-3181.exe	36
PID 2476 wrote to memory of 1612	2476	Unicorn-3181.exe	36
PID 2476 wrote to memory of 1612	2476	Unicorn-3181.exe	36
PID 2472 wrote to memory of 2692	2472	Unicorn-40836.exe	37
PID 2472 wrote to memory of 2692	2472	Unicorn-40836.exe	37
PID 2472 wrote to memory of 2692	2472	Unicorn-40836.exe	37
PID 2472 wrote to memory of 2692	2472	Unicorn-40836.exe	37
PID 3004 wrote to memory of 2740	3004	Unicorn-21082.exe	38
PID 3004 wrote to memory of 2740	3004	Unicorn-21082.exe	38
PID 3004 wrote to memory of 2740	3004	Unicorn-21082.exe	38
PID 3004 wrote to memory of 2740	3004	Unicorn-21082.exe	38
PID 2288 wrote to memory of 2352	2288	Unicorn-31750.exe	39
PID 2288 wrote to memory of 2352	2288	Unicorn-31750.exe	39
PID 2288 wrote to memory of 2352	2288	Unicorn-31750.exe	39
PID 2288 wrote to memory of 2352	2288	Unicorn-31750.exe	39
PID 3004 wrote to memory of 1808	3004	Unicorn-21082.exe	40
PID 3004 wrote to memory of 1808	3004	Unicorn-21082.exe	40
PID 3004 wrote to memory of 1808	3004	Unicorn-21082.exe	40
PID 3004 wrote to memory of 1808	3004	Unicorn-21082.exe	40
PID 2868 wrote to memory of 1828	2868	Unicorn-38856.exe	41
PID 2868 wrote to memory of 1828	2868	Unicorn-38856.exe	41
PID 2868 wrote to memory of 1828	2868	Unicorn-38856.exe	41
PID 2868 wrote to memory of 1828	2868	Unicorn-38856.exe	41
PID 1612 wrote to memory of 2224	1612	Unicorn-62251.exe	42
PID 1612 wrote to memory of 2224	1612	Unicorn-62251.exe	42
PID 1612 wrote to memory of 2224	1612	Unicorn-62251.exe	42
PID 1612 wrote to memory of 2224	1612	Unicorn-62251.exe	42
PID 2476 wrote to memory of 1348	2476	Unicorn-3181.exe	43
PID 2476 wrote to memory of 1348	2476	Unicorn-3181.exe	43
PID 2476 wrote to memory of 1348	2476	Unicorn-3181.exe	43
PID 2476 wrote to memory of 1348	2476	Unicorn-3181.exe	43

C:\Users\Admin\AppData\Local\Temp\161470c0d2212ae648de93c368f4e2d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\161470c0d2212ae648de93c368f4e2d0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52095.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52095.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21082.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21082.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40836.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50876.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37408.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43460.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48549.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17702.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26616.exe
        10⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64513.exe
        11⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47093.exe
        12⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32068.exe
        13⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34168.exe
        14⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6298.exe
        15⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46713.exe
        16⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10260 -s 236
        16⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8252 -s 216
        15⤵
        
        PID:10784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
        14⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 236
        13⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
        12⤵
        
        PID:5220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 236
        11⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 236
        10⤵
        Program crash
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64031.exe
        9⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3608.exe
        10⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32657.exe
        11⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12012.exe
        12⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44715.exe
        13⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7384.exe
        14⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63256.exe
        15⤵
        
        PID:5708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10092 -s 236
        15⤵
        
        PID:11184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8780 -s 216
        14⤵
        
        PID:10552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 236
        13⤵
        
        PID:9400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
        12⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
        11⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 660 -s 236
        10⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
        9⤵
        Program crash
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44240.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        9⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37651.exe
        10⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25417.exe
        11⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32258.exe
        12⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25666.exe
        13⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47033.exe
        14⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44653.exe
        15⤵
        
        PID:11840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10436 -s 216
        15⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8824 -s 216
        14⤵
        
        PID:11020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 216
        13⤵
        
        PID:9344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 236
        12⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 236
        11⤵
        
        PID:5732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 216
        10⤵
        
        PID:4696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 644 -s 236
        9⤵
        Program crash
        
        PID:3136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
        8⤵
        Program crash
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48035.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16166.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10554.exe
        9⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22093.exe
        10⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23684.exe
        11⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33794.exe
        12⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
        12⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 236
        11⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 236
        10⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 236
        9⤵
        Program crash
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41752.exe
        8⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64656.exe
        9⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44831.exe
        10⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65237.exe
        11⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62590.exe
        12⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31216.exe
        13⤵
        
        PID:10532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        14⤵
        
        PID:11760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10532 -s 216
        14⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 216
        13⤵
        
        PID:11116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6388 -s 216
        12⤵
        
        PID:8440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
        11⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
        10⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 236
        9⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
        8⤵
        Program crash
        
        PID:3152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 240
        7⤵
        Program crash
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40615.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10744.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8485.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56152.exe
        9⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2543.exe
        10⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
        11⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10955.exe
        12⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54573.exe
        13⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16755.exe
        14⤵
        
        PID:11724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10468 -s 216
        14⤵
        
        PID:11308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 216
        13⤵
        
        PID:11056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 216
        12⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
        11⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
        10⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 236
        9⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16693.exe
        8⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26463.exe
        9⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43295.exe
        10⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25823.exe
        11⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41753.exe
        12⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12897.exe
        13⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47720.exe
        14⤵
        
        PID:12084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10732 -s 216
        14⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8760 -s 216
        13⤵
        
        PID:11240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6152 -s 216
        12⤵
        
        PID:9300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 236
        11⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
        10⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
        8⤵
        Program crash
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39107.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6522.exe
        8⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62160.exe
        9⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43466.exe
        10⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50836.exe
        11⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8262.exe
        12⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-821.exe
        13⤵
        
        PID:10356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9074.exe
        14⤵
        
        PID:5948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10356 -s 216
        14⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8416 -s 216
        13⤵
        
        PID:10868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 216
        12⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
        11⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
        10⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 216
        9⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 236
        8⤵
        Program crash
        
        PID:3616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
        7⤵
        Program crash
        
        PID:2148
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
        6⤵
        Program crash
        
        PID:1340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17542.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60481.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27766.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49108.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32527.exe
        9⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32607.exe
        10⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54799.exe
        11⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16197.exe
        12⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43157.exe
        13⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57326.exe
        14⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4230.exe
        15⤵
        
        PID:11952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9224 -s 216
        15⤵
        
        PID:11820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 216
        14⤵
        
        PID:10960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 236
        13⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
        12⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 236
        11⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 216
        10⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 236
        9⤵
        Program crash
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12661.exe
        8⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52892.exe
        9⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29304.exe
        10⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 220
        11⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 236
        10⤵
        
        PID:5828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 216
        9⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
        8⤵
        Program crash
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34499.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 240
        8⤵
        Program crash
        
        PID:2524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 220
        7⤵
        Program crash
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20837.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41428.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57228.exe
        8⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45907.exe
        9⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24712.exe
        10⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16197.exe
        11⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21634.exe
        12⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57945.exe
        13⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1358.exe
        14⤵
        
        PID:12224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11132 -s 216
        14⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8796 -s 216
        13⤵
        
        PID:11100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 216
        12⤵
        
        PID:9356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 216
        11⤵
        
        PID:7544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
        10⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 216
        9⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 236
        8⤵
        Program crash
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46704.exe
        7⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-564.exe
        8⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19652.exe
        9⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22175.exe
        10⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15967.exe
        11⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5170.exe
        12⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47284.exe
        13⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10584 -s 216
        13⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8696 -s 236
        12⤵
        
        PID:10996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 216
        11⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
        10⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
        9⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 216
        8⤵
        
        PID:4712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 240
        7⤵
        Program crash
        
        PID:1820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
        6⤵
        Program crash
        
        PID:2144
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12427.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21347.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13501.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57724.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24931.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25080.exe
        9⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9347.exe
        10⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4358.exe
        11⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59741.exe
        12⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33632.exe
        13⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40713.exe
        14⤵
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26859.exe
        15⤵
        
        PID:12008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10812 -s 216
        15⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8980 -s 216
        14⤵
        
        PID:10504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 216
        13⤵
        
        PID:9548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
        12⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 236
        11⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
        10⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 744 -s 236
        9⤵
        Program crash
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56802.exe
        8⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28118.exe
        9⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51027.exe
        10⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8750.exe
        11⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63066.exe
        12⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40565.exe
        13⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37140.exe
        14⤵
        
        PID:12208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9792 -s 236
        14⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8208 -s 216
        13⤵
        
        PID:11224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 216
        12⤵
        
        PID:9892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
        11⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
        10⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 216
        9⤵
        
        PID:3720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
        8⤵
        Program crash
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39683.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1032.exe
        8⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43842.exe
        9⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9423.exe
        10⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45216.exe
        11⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53393.exe
        12⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40187.exe
        13⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1358.exe
        14⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11080 -s 216
        14⤵
        
        PID:11580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9032 -s 216
        13⤵
        
        PID:4120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 216
        12⤵
        
        PID:9564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
        11⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 236
        10⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 236
        9⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 236
        8⤵
        Program crash
        
        PID:3196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
        7⤵
        Program crash
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38818.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4313.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        8⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36639.exe
        9⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34774.exe
        10⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26659.exe
        11⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18339.exe
        12⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62181.exe
        13⤵
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9645.exe
        14⤵
        
        PID:11968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10756 -s 216
        14⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9064 -s 216
        13⤵
        
        PID:10376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6704 -s 216
        12⤵
        
        PID:9580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
        11⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
        10⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 236
        9⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 216
        8⤵
        Program crash
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37362.exe
        7⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13693.exe
        8⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63870.exe
        9⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19990.exe
        10⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27469.exe
        11⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44916.exe
        12⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31031.exe
        13⤵
        
        PID:11928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10676 -s 220
        13⤵
        
        PID:11916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8620 -s 216
        12⤵
        
        PID:11140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
        11⤵
        
        PID:8468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 236
        10⤵
        
        PID:7296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 236
        9⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 216
        8⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
        7⤵
        Program crash
        
        PID:936
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
        6⤵
        Program crash
        
        PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59173.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27766.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16615.exe
        7⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12733.exe
        8⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35905.exe
        9⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26114.exe
        10⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64197.exe
        11⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9959.exe
        12⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42933.exe
        13⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10200 -s 216
        13⤵
        
        PID:3188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8876 -s 236
        12⤵
        
        PID:10928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 216
        11⤵
        
        PID:9444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 236
        10⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
        9⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 216
        8⤵
        
        PID:4704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 216
        7⤵
        Program crash
        
        PID:2184
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 236
        6⤵
        Program crash
        
        PID:2508
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
        5⤵
        Program crash
        
        PID:2832
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3181.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62251.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55389.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44036.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31798.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22871.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51442.exe
        9⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27423.exe
        10⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38806.exe
        11⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18019.exe
        12⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4633.exe
        13⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-526.exe
        14⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        15⤵
        
        PID:12100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10916 -s 216
        15⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9096 -s 220
        14⤵
        
        PID:944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 216
        13⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 216
        12⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
        11⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 216
        10⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 236
        9⤵
        Program crash
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17269.exe
        8⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11288.exe
        9⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31416.exe
        10⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39196.exe
        11⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8091.exe
        12⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2178.exe
        13⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19716.exe
        14⤵
        
        PID:12020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9324 -s 236
        14⤵
        
        PID:11876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8584 -s 216
        13⤵
        
        PID:11068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 216
        12⤵
        
        PID:9204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 236
        11⤵
        
        PID:7384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
        10⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 216
        9⤵
        
        PID:4672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 240
        8⤵
        Program crash
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20026.exe
        7⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39029.exe
        8⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45331.exe
        9⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3227.exe
        10⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52585.exe
        11⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59994.exe
        12⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4939.exe
        13⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23388.exe
        14⤵
        
        PID:12116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9528 -s 216
        14⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9172 -s 216
        13⤵
        
        PID:11144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7000 -s 216
        12⤵
        
        PID:9772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 216
        11⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
        10⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 216
        9⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
        8⤵
        Program crash
        
        PID:3952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 240
        7⤵
        Program crash
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28953.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57489.exe
        7⤵
        Executes dropped EXE
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53938.exe
        8⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3608.exe
        9⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16409.exe
        10⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5605.exe
        11⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59994.exe
        12⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2403.exe
        13⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56783.exe
        14⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9904 -s 236
        14⤵
        
        PID:11652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9180 -s 216
        13⤵
        
        PID:10520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 216
        12⤵
        
        PID:9536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 216
        11⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
        10⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 216
        9⤵
        
        PID:4164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 236
        8⤵
        Program crash
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14555.exe
        7⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30523.exe
        8⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62910.exe
        9⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57032.exe
        10⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20172.exe
        11⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35229.exe
        12⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7252.exe
        13⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9804 -s 216
        13⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 216
        12⤵
        
        PID:10492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 216
        11⤵
        
        PID:9048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
        10⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
        9⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 236
        8⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
        7⤵
        Program crash
        
        PID:2460
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
        6⤵
        Program crash
        
        PID:540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10657.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10168.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54941.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56050.exe
        8⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1107.exe
        9⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54359.exe
        9⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22514.exe
        10⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43581.exe
        11⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37530.exe
        12⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5034.exe
        13⤵
        
        PID:11728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9636 -s 216
        13⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7572 -s 236
        12⤵
        
        PID:10272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
        11⤵
        
        PID:8992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
        10⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
        9⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 236
        8⤵
        Program crash
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
        7⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65232.exe
        8⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28630.exe
        9⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44329.exe
        10⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7150.exe
        11⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32680.exe
        12⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47720.exe
        13⤵
        
        PID:12064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10844 -s 216
        13⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8232 -s 216
        12⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 216
        11⤵
        
        PID:9868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
        10⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
        9⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 216
        8⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
        7⤵
        Program crash
        
        PID:3168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2045.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58764.exe
        7⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45212.exe
        8⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34198.exe
        9⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5844.exe
        10⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63166.exe
        11⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12897.exe
        12⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36080.exe
        13⤵
        
        PID:11708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10744 -s 216
        13⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8384 -s 216
        12⤵
        
        PID:11232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 216
        11⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 216
        10⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
        9⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 216
        8⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 236
        7⤵
        Program crash
        
        PID:4056
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 312 -s 240
        6⤵
        Program crash
        
        PID:2888
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
        5⤵
        Program crash
        
        PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-521.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4160.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45548.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47181.exe
        8⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        9⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40044.exe
        10⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33852.exe
        11⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30532.exe
        12⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39581.exe
        13⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41215.exe
        14⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54723.exe
        15⤵
        
        PID:11884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10072 -s 236
        15⤵
        
        PID:5952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 216
        14⤵
        
        PID:10656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 236
        13⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 236
        12⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44032.exe
        11⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        12⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50081.exe
        13⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2037.exe
        14⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10088 -s 216
        14⤵
        
        PID:11420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8572 -s 216
        13⤵
        
        PID:10696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
        12⤵
        
        PID:8916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 220
        11⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 216
        10⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
        9⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
        8⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8282.exe
        9⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43883.exe
        10⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48937.exe
        11⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43741.exe
        12⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29190.exe
        13⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20752.exe
        14⤵
        
        PID:12164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9680 -s 216
        14⤵
        
        PID:6540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9132 -s 216
        13⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 220
        12⤵
        
        PID:9700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 216
        11⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
        10⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 216
        9⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
        8⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23719.exe
        7⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9204.exe
        8⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56821.exe
        9⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44156.exe
        10⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46322.exe
        11⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4267.exe
        12⤵
        
        PID:11424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31725.exe
        13⤵
        
        PID:8276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 216
        11⤵
        
        PID:10020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
        10⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
        9⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 216
        8⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
        7⤵
        Program crash
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6165.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28100.exe
        7⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52892.exe
        8⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12495.exe
        9⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5081.exe
        10⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1542.exe
        11⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45423.exe
        12⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15210.exe
        13⤵
        
        PID:11700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9500 -s 216
        13⤵
        
        PID:11444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 236
        12⤵
        
        PID:9940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 216
        11⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 216
        10⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
        9⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 236
        8⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 236
        7⤵
        Program crash
        
        PID:3484
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
        6⤵
        Program crash
        
        PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8590.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45548.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62718.exe
        7⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62977.exe
        8⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29304.exe
        9⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 220
        10⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
        9⤵
        
        PID:5844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 216
        8⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 236
        7⤵
        Program crash
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8810.exe
        6⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36026.exe
        7⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        8⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36051.exe
        9⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22006.exe
        10⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33985.exe
        11⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
        12⤵
        
        PID:12260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9928 -s 236
        12⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 216
        11⤵
        
        PID:10416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 216
        10⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 236
        9⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
        8⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 216
        7⤵
        
        PID:5088
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
        6⤵
        Program crash
        
        PID:1060
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 240
        5⤵
        Program crash
        
        PID:892
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:684
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31750.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31750.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38856.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38856.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53295.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17098.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46001.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35221.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59158.exe
        8⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31479.exe
        9⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62877.exe
        10⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15899.exe
        11⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27798.exe
        12⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24834.exe
        13⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55397.exe
        14⤵
        
        PID:11636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9260 -s 236
        14⤵
        
        PID:7116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 236
        13⤵
        
        PID:9696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 236
        12⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
        11⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 236
        10⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 236
        9⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15121.exe
        8⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24346.exe
        9⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2961.exe
        10⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36642.exe
        11⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42391.exe
        12⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48210.exe
        13⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5195.exe
        14⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9784 -s 216
        14⤵
        
        PID:1824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 236
        13⤵
        
        PID:10340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 216
        12⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
        11⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
        10⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 236
        9⤵
        
        PID:5556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
        8⤵
        Program crash
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25779.exe
        7⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48500.exe
        8⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56852.exe
        9⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53734.exe
        10⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28247.exe
        11⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45396.exe
        12⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15647.exe
        13⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49280.exe
        14⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10332 -s 236
        14⤵
        
        PID:8300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8936 -s 216
        13⤵
        
        PID:11300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
        12⤵
        
        PID:9512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
        11⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
        10⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 216
        9⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 236
        8⤵
        
        PID:3244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
        7⤵
        Program crash
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34898.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45645.exe
        7⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14808.exe
        8⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29306.exe
        9⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9813.exe
        10⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        11⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49907.exe
        12⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60291.exe
        13⤵
        
        PID:11832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9964 -s 216
        13⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8564 -s 216
        12⤵
        
        PID:10572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 216
        11⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 236
        10⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
        9⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 216
        8⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
        7⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53515.exe
        8⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63196.exe
        9⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18834.exe
        10⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6574.exe
        11⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57369.exe
        12⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4430.exe
        13⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11212 -s 216
        13⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8260 -s 216
        12⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 216
        11⤵
        
        PID:9884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
        10⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
        9⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 216
        8⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 240
        7⤵
        Program crash
        
        PID:3508
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 240
        6⤵
        Program crash
        
        PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44693.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34261.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
        7⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10809.exe
        8⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe
        9⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54777.exe
        10⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43870.exe
        11⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33075.exe
        12⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40691.exe
        13⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44993.exe
        14⤵
        
        PID:11868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10040 -s 216
        14⤵
        
        PID:11816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8628 -s 216
        13⤵
        
        PID:10628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 216
        12⤵
        
        PID:9760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
        11⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
        10⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 236
        9⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
        8⤵
        Program crash
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25562.exe
        7⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21274.exe
        8⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36137.exe
        9⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42496.exe
        10⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57936.exe
        11⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51772.exe
        12⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8360 -s 216
        12⤵
        
        PID:11920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 236
        11⤵
        
        PID:10192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
        10⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
        9⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 236
        8⤵
        
        PID:5244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
        7⤵
        Program crash
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33459.exe
        6⤵
        
        PID:1028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 376
        7⤵
        Program crash
        
        PID:3656
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 240
        6⤵
        Program crash
        
        PID:1868
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 240
        5⤵
        Program crash
        
        PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27766.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64558.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
        7⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40896.exe
        8⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52715.exe
        9⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-884.exe
        10⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59887.exe
        11⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9196.exe
        12⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60291.exe
        13⤵
        
        PID:11824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10004 -s 216
        13⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 216
        12⤵
        
        PID:10612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 236
        11⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 236
        10⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 236
        8⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25638.exe
        7⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54251.exe
        8⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51536.exe
        9⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50826.exe
        10⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
        11⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36080.exe
        12⤵
        
        PID:11692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10392 -s 216
        12⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8520 -s 216
        11⤵
        
        PID:10876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
        10⤵
        
        PID:8816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 236
        9⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 236
        8⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
        7⤵
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55214.exe
        6⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27020.exe
        7⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30985.exe
        8⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56793.exe
        9⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13854.exe
        10⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
        11⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20108.exe
        12⤵
        
        PID:12188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11032 -s 216
        12⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8656 -s 216
        11⤵
        
        PID:2044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
        10⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
        9⤵
        
        PID:7376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 236
        8⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 236
        7⤵
        
        PID:4492
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
        6⤵
        Program crash
        
        PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32402.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17799.exe
        6⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32307.exe
        7⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63977.exe
        8⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25764.exe
        9⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60999.exe
        10⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22883.exe
        11⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33768.exe
        12⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9372 -s 216
        12⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 236
        11⤵
        
        PID:9972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 216
        10⤵
        
        PID:8720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
        9⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 236
        8⤵
        
        PID:5660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 236
        7⤵
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47584.exe
        6⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45807.exe
        7⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1200.exe
        8⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22890.exe
        9⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45001.exe
        10⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27758.exe
        11⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
        12⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8952 -s 216
        11⤵
        
        PID:11856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 216
        10⤵
        
        PID:9924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 216
        9⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 236
        8⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 216
        7⤵
        
        PID:5864
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 240
        6⤵
        
        PID:3684
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 240
        5⤵
        Program crash
        
        PID:1536
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
      4⤵
      Program crash
      PID:2020
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 216
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2352
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
  2⤵
  - Program crash
  PID:2680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-22006.exe

Filesize
184KB

MD5
b2de22e69d35eeb705843e0c97b5b686

SHA1
de7a0df9d00888153ab209844b873a18e6f7b5f1

SHA256
bdf78ca3a36d96943b1b9c75e640a741b8f079389d151818b377304a1fabb124

SHA512
12f9b96476cdf1288870f7aaa2a4274246c831d29fa4af070e9dd7b215e55c40c7bb9195ecd51015674017e156a6716b043a7c37724996d99100d77da5454322

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23684.exe

Filesize
184KB

MD5
9b4cb7c6c36ff02dafe50ebddc5dd8fc

SHA1
7ab646bbed6a33ec0b1b3a20406b26c7bcdaa8b0

SHA256
4ae279147493cac7dd85527098ddde3f461a4d5e08a4af9e547dca00b49d242e

SHA512
f7b3fbf5d75b2b7d5d00e47b740a03aedfd9b0ba57ef3e1ab612d2b37eba265bf1101c4b6735d94331e4b0ef09031a60da4fe0492780f8587434788714481a23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29190.exe

Filesize
184KB

MD5
91324c0f2a17d9dc61faf98da478bc38

SHA1
75785538d92265b32ea5451b8fe870a641965215

SHA256
a44d080014e75e2e033ee6d75ee01eb049b6b8191fbcb4026ba505e1d64735c4

SHA512
6f3c8f5edaf6279332253695a7cee704537c3cdca86fa4ed3c752b8b78720b548db8185dbfb59afef46a8b5760ae75bb317fdd06702bc53231c55baa6fed00d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36639.exe

Filesize
184KB

MD5
10531c9b8691eaf9f544940d846a2cca

SHA1
ef3af53bd46d447ca0725b45e2aaba313ebfafd0

SHA256
19f8cd99139d31243a05e11339166ee0918f77165e702fd79fb5b2acbd37af4d

SHA512
ea69311cefa42708f771155447de918834693267ac9f7baa998d153e1ec47807d05ff85a001b74f3866889276c7b99c12c5aca2583c1ccd9e8a2c14108a1611e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39683.exe

Filesize
184KB

MD5
3f6dd9d763d5f9b567f0a5a1465a9ef6

SHA1
72d5abb7ffc10afd9cedbfc67deecf8456895c58

SHA256
fb5aacc2cd70db29504ddb9735d463f3188d771e58b3f5e5e64267b1a04039ec

SHA512
c1af68e7fbdc8ce9a9da5004839791cb173f15945b34c7d00dd376778d3af881dd2fe7befe53e582636d16158082675d9b0da901f387afbe2601d612ffaeb78b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40565.exe

Filesize
184KB

MD5
46835cc9e95f3ace27d341ae2d851794

SHA1
e8fc1da25831627c774556d50af9e8028dd3daf0

SHA256
a7543fe6a7412534bf92b89dc0a37144327b32d1ea35a8bd2d9aa7de25820d64

SHA512
231994f70f5e70e85ab88c6efff2dcb41a402ddd60d6fe9884b72f65dd6ca0a5a885ccff8280125365fccf5b6e34d276edc4f4634f41d61048c19acc4df72508

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40615.exe

Filesize
184KB

MD5
33d725ae02790cea6842791cfe78938b

SHA1
be381c8687b843a3e78d76b2c95717cc7d055123

SHA256
0c5070dabaae2e99caa4684729130f2a0fcbce1310a9b07094a36536d2ed89a3

SHA512
dc34965f2ea97b6dca832126b9f3005caf0d0d0305d7b890bc881e85004cc37c42ad331bf2c72fbca6122cf70bdfcba12e53c7171b24e1d0a15919f9806e50a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40836.exe

Filesize
184KB

MD5
878bb45c87816e15bf2da112fc5edfba

SHA1
e37ded9f41199223bc166d0d27020269a60770e5

SHA256
684a96bd84cc9b1e7b35f8d1bdf8b6256fd6890dfd5904c4d6a5454ad0bb8066

SHA512
a546266d38eb1d9e245210e6f2ccb3bd40616ca5e0f2a9d1bdde9f81a7e340f28efcd001f9fdc26c64d57e5786bcde064fdb8a32e62204c5d394c3165422e85a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5170.exe

Filesize
184KB

MD5
439c98729d678c28450e3a13b517450c

SHA1
940f1c6313aa549762f8fa7971398ac9ec48db5a

SHA256
2924d91404fa32021e460a243ebb6feb6957ed064484e7acbeb1e2e0c1ea075d

SHA512
20a825d34ef094a1090d7365ce32bc95d25540e8aa054aa62eaecce8ef50f67e456493bbe9b064394e5343c1eabae16a10ee40b8e7db2fd9ab4bb075921c82dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-521.exe

Filesize
184KB

MD5
f9fa87fe4cb9bf1366ec286bd0bdb97b

SHA1
0f0fb59d7624b79f50db9f87bf0c882b79a4670d

SHA256
3dc7601276e1b2b0f2d958915ea604598fb119743d8c4d7edd5ef5b38ad41d55

SHA512
9dba37c8b7ba721f6a08c545f903af1b089377dab079f24bee225a3a851f8b23c8efc6e73e271da0959b660669f66aa0c78fbc6477c6099dc52685342bc8cc2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53295.exe

Filesize
184KB

MD5
87bc3266efe122cfafa2e6355f7530c7

SHA1
406a4a44ee1c4d04362d6063ef84516c8c2e3cc9

SHA256
c6565358dcf82a2e840d7332a90ca5032d4ec24b31c86703f48398821d05c4e7

SHA512
65ccacfd9216142a68f7624c943b5ac8718194fa56a2c66f71734cbd389e7d1d94a2887fe63087066099f88899400bde94d81aeef4885cbfca03c6e5957cad1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6522.exe

Filesize
184KB

MD5
033894250edc5550a29e85c2a709774b

SHA1
987c75e662ff511f47763b48c7144678799aa526

SHA256
2fafd0b871eb572a4d60f5b3f718ee9de1953ab33d674e6cf742f9f2197cedf1

SHA512
e5345858da3135c7e124122cebf5c89f2f6d6e2380df73cf2be7bcc5b4091a8068b3e475cb03339246b1cad58af7c24721a9c47732811b9f8073989fe7be516c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12427.exe

Filesize
184KB

MD5
1daab216f5a0bddc0df816e69489965c

SHA1
808fb6f68428cf68549a15e9da441a5a47edf114

SHA256
a8cece44ddbce26046c33ced677f83253c3b20ecb766c7086aeb48992de0fe4e

SHA512
2511f658f5a0e2ffaa676689f41f49f488e77e069215331402e0f90ff45e5c2f110e064231e6db27e2bd727e0a53f1c4c30718019d0ad53524d822aabff4a613

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17542.exe

Filesize
184KB

MD5
5e506001780fbc49993710cc6586e68d

SHA1
5cfc1c613e4029b9a5864419c99bbad94bbb0803

SHA256
22f15f04e5473ef9ae25594bdde7148e627963d43cba6caf5c9003f977d43f72

SHA512
21f14933cd7ea53af0581a449a2e48579d77c83d967ef30ea2c4c6c84d0e809e8cb9a2dc409dfde37a534e37c25025f76bb6eb6b2afbfd93de7027f59f82eede

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21082.exe

Filesize
184KB

MD5
9ac31a0e6e24cba487b1fbaea9b2e81c

SHA1
5f6d87d514a57632a00028b4ea3a49b7f3088d2d

SHA256
9a083c53efde080bcd2da905212b4dd0969a8f9e0e27780f2ee24c6eb0267030

SHA512
e8fb1991bc7bdd9d0a6670795afef20b766f867d86a37c491044321895fb50f51c92107bf91c6b6eccc85fec3ead7dc76ff85162247f742ba252247cd3970352

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21347.exe

Filesize
184KB

MD5
1ed61b8ab81de3bee6ad13160b554fdb

SHA1
c47f461fc779e5511340ce8d412793b0a49141cd

SHA256
ac15dddb8dc4fe65a3bfc2f5430e862ca3272f258ceb41c949e38110179faabc

SHA512
a9ec3d0ebb0978ea169c884e505aacae2bce1d086355d4276032448cd077149195db071709a3b5aca5bf168ff674b82d19b843883c4288ceb1a7baba9c21f1d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31750.exe

Filesize
184KB

MD5
375ba0c3a0de267cece2366f309de92e

SHA1
a0f1718851c6164e287e40e3f8194b214158c316

SHA256
44b4e721ef006c74781a249a52da761945513411c0a9012b1458375275b0dd09

SHA512
cadb834d5ed878f1381d4ff3924014f956ce656e83d8af06ced0bb0c0a3ea48f9b3181f905555e8372da707025f718878bdb40ca17948e507066485dedb8c876

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3181.exe

Filesize
184KB

MD5
8e7a1ffb5a17b2cdaf6f9aac554c0a59

SHA1
5e193cf0df6bee52ac4d810adca4b914992f74fb

SHA256
38c2da3c757937f02872be9eaa87ee8df8d02d7054b885ccdd3bf02923fb0ef2

SHA512
424f2c55486b41af2c11a3da56439fdcdcc27cd5f8dd106388dbf58b138a69857f02c3a98cf2e436008514721de6b31bdc2a5de6828887211961867b67adf570

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37408.exe

Filesize
184KB

MD5
c2934d7bf85c3befe582aeb37119de13

SHA1
dce133517fe7ffd6e8a5d63f45b43527ee5ac1f3

SHA256
d320003317a89af13dbc5c7416b82f0690978a6bc2ed976d11b4dfb909e2a514

SHA512
fe6a7d612d44c00169d06562a82b626b814db571a182038acfbaa404b491bae2dd4b0269479ed27e39818fc7e7cf7b0cc8fe30df935e198d8853535f3fee4c0f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38856.exe

Filesize
184KB

MD5
253cb5f027257710720713c2c21eed3d

SHA1
aa20b5f5438b8f24a8b9280c100787507f77b030

SHA256
8265875278c8ce0d375c940709d5cc21c4a24eaf1472303af2b0ef99d2ac030a

SHA512
29146b66d617606ce2c6f8f811f7f636063c57cc6d9192daf3c0a6d4f3afe83ce1f2e4adee1a433346a8cc187d8a3f062169641f9617d5d078aef1076a61343d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50876.exe

Filesize
184KB

MD5
2c131c348e4002111a2f86f363448b02

SHA1
ae215019fd366901b0e45418070e3a13907e7854

SHA256
15662724f93bb7606e1fbea7dc594f6893a6946282100ef08d6349034f3eaf11

SHA512
ad475b0ebc88603bdda3839720d2242de7128584a96d4ffcdfe7b869fb367075de08740504a075728c1fcd53a76cab63108939d71ce4122a412aa27ed5420146

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52095.exe

Filesize
184KB

MD5
ddd786d66149d94d7aedea21d9cdda9b

SHA1
b2e30379d13a051726094186e315dc67aa531491

SHA256
8f23fa563db574ed97ed06eec1d6abd6c9c60f9eb39a7bef0be51dcdc4a5acaf

SHA512
9bf8c2d18a2c99157d9ce732244a7caaff1cbbf20f21531fa5aa7bbb15e9719ecc62b7f933aded8a377116d785d9d1c77f67a995204267f8880476c2241262a1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55389.exe

Filesize
184KB

MD5
be086c9a355a0b1f1277a2c6b2f3b925

SHA1
ece1e61cd92170f63d1d66b388eb5a7719fac3a4

SHA256
3d43812e615886325aad2be0558dc8227944b5e9c0bab472ec4a3173bc73ca6d

SHA512
3079df0a8c3d45eb65007c987b3fef6d554004ab480a5402b1ec53f63d4abd827504ba23c0a9b29b33ee3052ab94311e7c07aabcf63b4cdb577d587f3cb25129

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62251.exe

Filesize
184KB

MD5
e7ee54656e1f1c205591c0bef184f3ca

SHA1
372a19a8074fcc26f737030858b130c83bb310b8

SHA256
1df1f61311fb01125f0739daacc0b6044f5c338b12ee9d99d6e371c2cd3811f3

SHA512
67b1a0520f87b39364754340e0c8050cf9bb221148c5165b2577c3220daeda62b00d25e8e425ab6be9ffbf8c188c5e2c1cfce95a2160d6b0da5e4259e7c1e0d3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads