db55a1a2151a029420076ab3ade86f78c393b50016e728b06ce0f1ecfc062276

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
02/06/2024, 07:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d6309d07367c3b98d79e79ff822dac0_NeikiAnalytics.exe
Size

184KB
MD5

4d6309d07367c3b98d79e79ff822dac0
SHA1

1f82b05fe672304bf55b4c209406017381790938
SHA256

db55a1a2151a029420076ab3ade86f78c393b50016e728b06ce0f1ecfc062276
SHA512

8aaca844dee0a5d6547a2b749c2956f748aad6acc8ae8ef36dd82f3354f41ddc30d18caa6a20f86beaa0f4821e93de0647e2606f3af8036e2e6161ae20f592a1
SSDEEP

3072:5l5KuDolKanIdpEtev7LKx5BIKUQwkvKiNoCO5ElHp1hlnVOFP:5llot0pEMLy5BI/qrhhlnVOF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2956	Unicorn-26991.exe
3012	Unicorn-28392.exe
2288	Unicorn-28863.exe
2804	Unicorn-54178.exe
2860	Unicorn-42864.exe
2072	Unicorn-61827.exe
1868	Unicorn-31423.exe
2888	Unicorn-55927.exe
2996	Unicorn-27893.exe
1648	Unicorn-1184.exe
1668	Unicorn-42409.exe
2836	Unicorn-47048.exe
1436	Unicorn-42601.exe
2096	Unicorn-30903.exe
2088	Unicorn-48641.exe
776	Unicorn-2969.exe
1476	Unicorn-3161.exe
1812	Unicorn-19498.exe
1240	Unicorn-65169.exe
824	Unicorn-17106.exe
2360	Unicorn-5408.exe
1348	Unicorn-25274.exe
1788	Unicorn-62772.exe
900	Unicorn-51459.exe
2068	Unicorn-46628.exe
2156	Unicorn-43098.exe
884	Unicorn-15684.exe
1052	Unicorn-23852.exe
2196	Unicorn-3986.exe
3056	Unicorn-15876.exe
1928	Unicorn-4178.exe
2700	Unicorn-22975.exe
2756	Unicorn-28682.exe
2748	Unicorn-48548.exe
2752	Unicorn-45821.exe
2580	Unicorn-64617.exe
2396	Unicorn-52920.exe
2848	Unicorn-40990.exe
2536	Unicorn-17529.exe
2316	Unicorn-25697.exe
2404	Unicorn-50585.exe
2476	Unicorn-30719.exe
2736	Unicorn-47056.exe
1420	Unicorn-9552.exe
1220	Unicorn-6023.exe
2008	Unicorn-34057.exe
2928	Unicorn-16377.exe
532	Unicorn-16377.exe
556	Unicorn-12847.exe
1120	Unicorn-49433.exe
628	Unicorn-37735.exe
1044	Unicorn-29567.exe
1852	Unicorn-40881.exe
928	Unicorn-34379.exe
1944	Unicorn-11794.exe
2188	Unicorn-28131.exe
1720	Unicorn-24601.exe
2240	Unicorn-11986.exe
1628	Unicorn-289.exe
2528	Unicorn-20347.exe
2532	Unicorn-36168.exe
2880	Unicorn-18488.exe
1716	Unicorn-55074.exe
748	Unicorn-63626.exe

Loads dropped DLL 64 IoCs

pid	Process
2176	4d6309d07367c3b98d79e79ff822dac0_NeikiAnalytics.exe
2176	4d6309d07367c3b98d79e79ff822dac0_NeikiAnalytics.exe
2956	Unicorn-26991.exe
2956	Unicorn-26991.exe
2176	4d6309d07367c3b98d79e79ff822dac0_NeikiAnalytics.exe
2176	4d6309d07367c3b98d79e79ff822dac0_NeikiAnalytics.exe
3012	Unicorn-28392.exe
2956	Unicorn-26991.exe
3012	Unicorn-28392.exe
2956	Unicorn-26991.exe
796	WerFault.exe
796	WerFault.exe
796	WerFault.exe
796	WerFault.exe
796	WerFault.exe
2288	Unicorn-28863.exe
2288	Unicorn-28863.exe
2804	Unicorn-54178.exe
2804	Unicorn-54178.exe
2860	Unicorn-42864.exe
2860	Unicorn-42864.exe
3012	Unicorn-28392.exe
3012	Unicorn-28392.exe
1272	WerFault.exe
1272	WerFault.exe
1272	WerFault.exe
1272	WerFault.exe
1272	WerFault.exe
2072	Unicorn-61827.exe
2072	Unicorn-61827.exe
1868	Unicorn-31423.exe
1868	Unicorn-31423.exe
2804	Unicorn-54178.exe
2804	Unicorn-54178.exe
2888	Unicorn-55927.exe
2888	Unicorn-55927.exe
2860	Unicorn-42864.exe
2860	Unicorn-42864.exe
1964	WerFault.exe
1964	WerFault.exe
1964	WerFault.exe
1964	WerFault.exe
1964	WerFault.exe
2936	WerFault.exe
2936	WerFault.exe
2936	WerFault.exe
2936	WerFault.exe
2936	WerFault.exe
2072	Unicorn-61827.exe
2072	Unicorn-61827.exe
1648	Unicorn-1184.exe
1648	Unicorn-1184.exe
1668	Unicorn-42409.exe
1668	Unicorn-42409.exe
2836	Unicorn-47048.exe
2836	Unicorn-47048.exe
1868	Unicorn-31423.exe
1868	Unicorn-31423.exe
1436	Unicorn-42601.exe
1436	Unicorn-42601.exe
2096	Unicorn-30903.exe
2888	Unicorn-55927.exe
2096	Unicorn-30903.exe
2888	Unicorn-55927.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2672	2176	WerFault.exe	27
796	2956	WerFault.exe	28
1272	3012	WerFault.exe	29
1964	2804	WerFault.exe	32
2936	2860	WerFault.exe	33
468	2072	WerFault.exe	35
768	1868	WerFault.exe	36
1156	2888	WerFault.exe	37
676	2996	WerFault.exe	38
2656	1648	WerFault.exe	40
2572	1668	WerFault.exe	41
3008	2836	WerFault.exe	42
3032	1436	WerFault.exe	43
548	2096	WerFault.exe	44
1316	2088	WerFault.exe	47
1548	776	WerFault.exe	48
2200	1476	WerFault.exe	49
992	1812	WerFault.exe	50
1500	1240	WerFault.exe	51
1592	824	WerFault.exe	52
2448	2360	WerFault.exe	54
1804	1348	WerFault.exe	53
2288	1788	WerFault.exe	57
2320	900	WerFault.exe	58
760	2156	WerFault.exe	62
2496	2068	WerFault.exe	61
892	1052	WerFault.exe	64
1368	884	WerFault.exe	63
2324	2700	WerFault.exe	68
572	1928	WerFault.exe	67
2152	2756	WerFault.exe	69
2628	2748	WerFault.exe	70
2744	3056	WerFault.exe	66
3312	2752	WerFault.exe	72
3364	2396	WerFault.exe	76
3420	2580	WerFault.exe	74
3464	2848	WerFault.exe	77
3540	2536	WerFault.exe	80
3628	1220	WerFault.exe	86
3620	2008	WerFault.exe	87
3652	2316	WerFault.exe	81
3688	2404	WerFault.exe	82
3704	2476	WerFault.exe	83
3736	628	WerFault.exe	92
3760	556	WerFault.exe	90
3768	1852	WerFault.exe	93
3972	2928	WerFault.exe	88
3508	1120	WerFault.exe	91
3776	1044	WerFault.exe	94
3816	1720	WerFault.exe	106
3836	2188	WerFault.exe	103
3848	2240	WerFault.exe	107
3892	1420	WerFault.exe	85
3224	532	WerFault.exe	89
3300	2736	WerFault.exe	84
4048	3048	WerFault.exe	128
3408	1936	WerFault.exe	123
3472	2064	WerFault.exe	119
3484	2920	WerFault.exe	131
4036	2948	WerFault.exe	129
3216	764	WerFault.exe	115
3432	2760	WerFault.exe	130
3752	1304	WerFault.exe	117
3896	1792	WerFault.exe	126

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2176	4d6309d07367c3b98d79e79ff822dac0_NeikiAnalytics.exe
2956	Unicorn-26991.exe
3012	Unicorn-28392.exe
2288	Unicorn-28863.exe
2804	Unicorn-54178.exe
2860	Unicorn-42864.exe
2072	Unicorn-61827.exe
1868	Unicorn-31423.exe
2996	Unicorn-27893.exe
2888	Unicorn-55927.exe
1648	Unicorn-1184.exe
1668	Unicorn-42409.exe
2836	Unicorn-47048.exe
1436	Unicorn-42601.exe
2096	Unicorn-30903.exe
2088	Unicorn-48641.exe
776	Unicorn-2969.exe
1476	Unicorn-3161.exe
1812	Unicorn-19498.exe
1240	Unicorn-65169.exe
824	Unicorn-17106.exe
1348	Unicorn-25274.exe
2360	Unicorn-5408.exe
1788	Unicorn-62772.exe
900	Unicorn-51459.exe
2068	Unicorn-46628.exe
2156	Unicorn-43098.exe
1052	Unicorn-23852.exe
884	Unicorn-15684.exe
2196	Unicorn-3986.exe
3056	Unicorn-15876.exe
1928	Unicorn-4178.exe
2748	Unicorn-48548.exe
2756	Unicorn-28682.exe
2700	Unicorn-22975.exe
2752	Unicorn-45821.exe
2580	Unicorn-64617.exe
2848	Unicorn-40990.exe
2396	Unicorn-52920.exe
2536	Unicorn-17529.exe
2316	Unicorn-25697.exe
2404	Unicorn-50585.exe
2476	Unicorn-30719.exe
2736	Unicorn-47056.exe
1220	Unicorn-6023.exe
1420	Unicorn-9552.exe
2008	Unicorn-34057.exe
2928	Unicorn-16377.exe
556	Unicorn-12847.exe
532	Unicorn-16377.exe
628	Unicorn-37735.exe
1044	Unicorn-29567.exe
1120	Unicorn-49433.exe
1852	Unicorn-40881.exe
928	Unicorn-34379.exe
1944	Unicorn-11794.exe
2188	Unicorn-28131.exe
1720	Unicorn-24601.exe
1628	Unicorn-289.exe
2240	Unicorn-11986.exe
2528	Unicorn-20347.exe
2532	Unicorn-36168.exe
2880	Unicorn-18488.exe
1716	Unicorn-55074.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2956	2176	4d6309d07367c3b98d79e79ff822dac0_NeikiAnalytics.exe	28
PID 2176 wrote to memory of 2956	2176	4d6309d07367c3b98d79e79ff822dac0_NeikiAnalytics.exe	28
PID 2176 wrote to memory of 2956	2176	4d6309d07367c3b98d79e79ff822dac0_NeikiAnalytics.exe	28
PID 2176 wrote to memory of 2956	2176	4d6309d07367c3b98d79e79ff822dac0_NeikiAnalytics.exe	28
PID 2956 wrote to memory of 3012	2956	Unicorn-26991.exe	29
PID 2956 wrote to memory of 3012	2956	Unicorn-26991.exe	29
PID 2956 wrote to memory of 3012	2956	Unicorn-26991.exe	29
PID 2956 wrote to memory of 3012	2956	Unicorn-26991.exe	29
PID 2176 wrote to memory of 2288	2176	4d6309d07367c3b98d79e79ff822dac0_NeikiAnalytics.exe	30
PID 2176 wrote to memory of 2288	2176	4d6309d07367c3b98d79e79ff822dac0_NeikiAnalytics.exe	30
PID 2176 wrote to memory of 2288	2176	4d6309d07367c3b98d79e79ff822dac0_NeikiAnalytics.exe	30
PID 2176 wrote to memory of 2288	2176	4d6309d07367c3b98d79e79ff822dac0_NeikiAnalytics.exe	30
PID 2176 wrote to memory of 2672	2176	4d6309d07367c3b98d79e79ff822dac0_NeikiAnalytics.exe	31
PID 2176 wrote to memory of 2672	2176	4d6309d07367c3b98d79e79ff822dac0_NeikiAnalytics.exe	31
PID 2176 wrote to memory of 2672	2176	4d6309d07367c3b98d79e79ff822dac0_NeikiAnalytics.exe	31
PID 2176 wrote to memory of 2672	2176	4d6309d07367c3b98d79e79ff822dac0_NeikiAnalytics.exe	31
PID 3012 wrote to memory of 2804	3012	Unicorn-28392.exe	32
PID 3012 wrote to memory of 2804	3012	Unicorn-28392.exe	32
PID 3012 wrote to memory of 2804	3012	Unicorn-28392.exe	32
PID 3012 wrote to memory of 2804	3012	Unicorn-28392.exe	32
PID 2956 wrote to memory of 2860	2956	Unicorn-26991.exe	33
PID 2956 wrote to memory of 2860	2956	Unicorn-26991.exe	33
PID 2956 wrote to memory of 2860	2956	Unicorn-26991.exe	33
PID 2956 wrote to memory of 2860	2956	Unicorn-26991.exe	33
PID 2956 wrote to memory of 796	2956	Unicorn-26991.exe	34
PID 2956 wrote to memory of 796	2956	Unicorn-26991.exe	34
PID 2956 wrote to memory of 796	2956	Unicorn-26991.exe	34
PID 2956 wrote to memory of 796	2956	Unicorn-26991.exe	34
PID 2288 wrote to memory of 2072	2288	Unicorn-28863.exe	35
PID 2288 wrote to memory of 2072	2288	Unicorn-28863.exe	35
PID 2288 wrote to memory of 2072	2288	Unicorn-28863.exe	35
PID 2288 wrote to memory of 2072	2288	Unicorn-28863.exe	35
PID 2804 wrote to memory of 1868	2804	Unicorn-54178.exe	36
PID 2804 wrote to memory of 1868	2804	Unicorn-54178.exe	36
PID 2804 wrote to memory of 1868	2804	Unicorn-54178.exe	36
PID 2804 wrote to memory of 1868	2804	Unicorn-54178.exe	36
PID 2860 wrote to memory of 2888	2860	Unicorn-42864.exe	37
PID 2860 wrote to memory of 2888	2860	Unicorn-42864.exe	37
PID 2860 wrote to memory of 2888	2860	Unicorn-42864.exe	37
PID 2860 wrote to memory of 2888	2860	Unicorn-42864.exe	37
PID 3012 wrote to memory of 2996	3012	Unicorn-28392.exe	38
PID 3012 wrote to memory of 2996	3012	Unicorn-28392.exe	38
PID 3012 wrote to memory of 2996	3012	Unicorn-28392.exe	38
PID 3012 wrote to memory of 2996	3012	Unicorn-28392.exe	38
PID 3012 wrote to memory of 1272	3012	Unicorn-28392.exe	39
PID 3012 wrote to memory of 1272	3012	Unicorn-28392.exe	39
PID 3012 wrote to memory of 1272	3012	Unicorn-28392.exe	39
PID 3012 wrote to memory of 1272	3012	Unicorn-28392.exe	39
PID 2072 wrote to memory of 1648	2072	Unicorn-61827.exe	40
PID 2072 wrote to memory of 1648	2072	Unicorn-61827.exe	40
PID 2072 wrote to memory of 1648	2072	Unicorn-61827.exe	40
PID 2072 wrote to memory of 1648	2072	Unicorn-61827.exe	40
PID 1868 wrote to memory of 1668	1868	Unicorn-31423.exe	41
PID 1868 wrote to memory of 1668	1868	Unicorn-31423.exe	41
PID 1868 wrote to memory of 1668	1868	Unicorn-31423.exe	41
PID 1868 wrote to memory of 1668	1868	Unicorn-31423.exe	41
PID 2804 wrote to memory of 2836	2804	Unicorn-54178.exe	42
PID 2804 wrote to memory of 2836	2804	Unicorn-54178.exe	42
PID 2804 wrote to memory of 2836	2804	Unicorn-54178.exe	42
PID 2804 wrote to memory of 2836	2804	Unicorn-54178.exe	42
PID 2888 wrote to memory of 1436	2888	Unicorn-55927.exe	43
PID 2888 wrote to memory of 1436	2888	Unicorn-55927.exe	43
PID 2888 wrote to memory of 1436	2888	Unicorn-55927.exe	43
PID 2888 wrote to memory of 1436	2888	Unicorn-55927.exe	43

C:\Users\Admin\AppData\Local\Temp\4d6309d07367c3b98d79e79ff822dac0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4d6309d07367c3b98d79e79ff822dac0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26991.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26991.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28392.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28392.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54178.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31423.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3161.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46628.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25697.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30762.exe
        10⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
        10⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27929.exe
        11⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1032.exe
        12⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50340.exe
        13⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1392.exe
        14⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
        15⤵
        
        PID:12760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10028 -s 216
        15⤵
        
        PID:12852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7184 -s 216
        14⤵
        
        PID:10440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 236
        13⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 236
        12⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 216
        11⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 220
        10⤵
        Program crash
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
        9⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58167.exe
        10⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41883.exe
        11⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65256.exe
        12⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25665.exe
        13⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3037.exe
        14⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11448.exe
        15⤵
        
        PID:13024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10652 -s 204
        15⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7700 -s 216
        14⤵
        
        PID:10776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
        13⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
        12⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 236
        11⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55266.exe
        10⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48666.exe
        11⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-314.exe
        12⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63909.exe
        13⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52767.exe
        14⤵
        
        PID:12600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 216
        13⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 216
        12⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
        11⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 240
        10⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 240
        9⤵
        Program crash
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30719.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24322.exe
        9⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22454.exe
        10⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56299.exe
        11⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65002.exe
        12⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17035.exe
        13⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17397.exe
        14⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46244.exe
        15⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7884 -s 216
        14⤵
        
        PID:12008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 216
        13⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
        12⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 236
        11⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe
        10⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32522.exe
        11⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26272.exe
        12⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
        13⤵
        
        PID:10324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 216
        13⤵
        
        PID:12016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
        12⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
        11⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 240
        10⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24077.exe
        9⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49008.exe
        10⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43025.exe
        11⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52836.exe
        12⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50977.exe
        13⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28724.exe
        14⤵
        
        PID:12832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10316 -s 216
        14⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 216
        13⤵
        
        PID:10552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
        12⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
        11⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
        10⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
        9⤵
        Program crash
        
        PID:3704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 240
        8⤵
        Program crash
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43098.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17529.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20347.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49340.exe
        10⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27929.exe
        11⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
        12⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34793.exe
        13⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44511.exe
        14⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19467.exe
        15⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 216
        14⤵
        
        PID:11948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 216
        13⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 236
        12⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 216
        11⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52111.exe
        10⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65256.exe
        11⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
        12⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27734.exe
        13⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        14⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10624 -s 216
        14⤵
        
        PID:8360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 216
        13⤵
        
        PID:10404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 216
        12⤵
        
        PID:8916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        11⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
        10⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37642.exe
        9⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41416.exe
        10⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22688.exe
        11⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19780.exe
        12⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26473.exe
        13⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36316.exe
        14⤵
        
        PID:12844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10272 -s 216
        14⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 216
        13⤵
        
        PID:10536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
        12⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
        11⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 236
        10⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
        9⤵
        Program crash
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36168.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16860.exe
        9⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3232.exe
        10⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33705.exe
        11⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59468.exe
        12⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50593.exe
        13⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28724.exe
        14⤵
        
        PID:12820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9732 -s 216
        14⤵
        
        PID:12968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 216
        13⤵
        
        PID:10412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
        12⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 236
        11⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 236
        10⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44135.exe
        9⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
        10⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35177.exe
        11⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29078.exe
        12⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50120.exe
        13⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10568 -s 216
        13⤵
        
        PID:12692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 216
        12⤵
        
        PID:10900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
        11⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
        10⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
        9⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
        8⤵
        Program crash
        
        PID:760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
        7⤵
        Program crash
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65169.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23852.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50585.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7985.exe
        9⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43943.exe
        10⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18256.exe
        11⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17146.exe
        12⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16843.exe
        13⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
        14⤵
        
        PID:10356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 216
        14⤵
        
        PID:12032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 216
        13⤵
        
        PID:8584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
        12⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
        11⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38161.exe
        10⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
        11⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        12⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7668 -s 220
        13⤵
        
        PID:11244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
        12⤵
        
        PID:8468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
        11⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 240
        10⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32245.exe
        9⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40840.exe
        10⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6481.exe
        11⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39811.exe
        12⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61496.exe
        13⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59409.exe
        14⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 216
        13⤵
        
        PID:11740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 216
        12⤵
        
        PID:8824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
        11⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 236
        10⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
        9⤵
        Program crash
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4456.exe
        8⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35583.exe
        9⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17763.exe
        10⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1276.exe
        11⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17933.exe
        12⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9358.exe
        13⤵
        
        PID:10616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7732 -s 216
        13⤵
        
        PID:12252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
        12⤵
        
        PID:9304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
        11⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
        10⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4721.exe
        9⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60513.exe
        10⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60978.exe
        11⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
        12⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55844.exe
        13⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 216
        12⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
        11⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 236
        10⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 220
        9⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 240
        8⤵
        Program crash
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47056.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30762.exe
        8⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17519.exe
        9⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19813.exe
        10⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39899.exe
        11⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1638.exe
        12⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50817.exe
        13⤵
        
        PID:11564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9460 -s 236
        13⤵
        
        PID:12460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 216
        12⤵
        
        PID:9940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
        11⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 216
        10⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 236
        9⤵
        Program crash
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13989.exe
        8⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
        9⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        10⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11653.exe
        11⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36136.exe
        12⤵
        
        PID:11556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8868 -s 216
        12⤵
        
        PID:852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 216
        11⤵
        
        PID:9948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
        10⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
        9⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
        8⤵
        Program crash
        
        PID:3300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 240
        7⤵
        Program crash
        
        PID:1500
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
        6⤵
        Program crash
        
        PID:768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47048.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19498.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15684.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9552.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47098.exe
        9⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19247.exe
        10⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49060.exe
        11⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        12⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28182.exe
        13⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61024.exe
        14⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8816 -s 216
        14⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
        13⤵
        
        PID:9924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
        12⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 216
        11⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 236
        10⤵
        Program crash
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15717.exe
        9⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52677.exe
        10⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64979.exe
        11⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27596.exe
        12⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52846.exe
        13⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9680 -s 216
        13⤵
        
        PID:12500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 216
        12⤵
        
        PID:10304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
        11⤵
        
        PID:7988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 216
        10⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 240
        9⤵
        Program crash
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53657.exe
        8⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9158.exe
        9⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27322.exe
        10⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16430.exe
        11⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35390.exe
        12⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13935.exe
        13⤵
        
        PID:11708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9008 -s 236
        13⤵
        
        PID:11820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 236
        12⤵
        
        PID:9976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
        11⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 236
        10⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 236
        9⤵
        Program crash
        
        PID:3472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 240
        8⤵
        Program crash
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6023.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55074.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33388.exe
        9⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17440.exe
        10⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46092.exe
        11⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61207.exe
        12⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58097.exe
        13⤵
        
        PID:10300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8224 -s 236
        13⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 216
        12⤵
        
        PID:9724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
        11⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 216
        10⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57072.exe
        9⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30088.exe
        10⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
        11⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57993.exe
        12⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36316.exe
        13⤵
        
        PID:12856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10396 -s 216
        13⤵
        
        PID:12944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 216
        12⤵
        
        PID:10748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
        11⤵
        
        PID:8576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
        10⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
        9⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12453.exe
        8⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64960.exe
        9⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3274.exe
        10⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5026.exe
        11⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47251.exe
        12⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54754.exe
        13⤵
        
        PID:12632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10940 -s 216
        13⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8088 -s 216
        12⤵
        
        PID:11584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
        11⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
        10⤵
        
        PID:7004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 236
        9⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 240
        8⤵
        Program crash
        
        PID:3628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 240
        7⤵
        Program crash
        
        PID:992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3986.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34057.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63626.exe
        8⤵
        Executes dropped EXE
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18780.exe
        9⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48816.exe
        10⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52859.exe
        11⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20678.exe
        12⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13701.exe
        13⤵
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21.exe
        14⤵
        
        PID:13116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10780 -s 216
        14⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 216
        13⤵
        
        PID:11332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 216
        12⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
        11⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 236
        10⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62007.exe
        9⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64042.exe
        10⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
        11⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61496.exe
        12⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-587.exe
        13⤵
        
        PID:12796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 236
        12⤵
        
        PID:11768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 216
        11⤵
        
        PID:8476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
        10⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 240
        9⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64643.exe
        8⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8935.exe
        9⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36715.exe
        10⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38118.exe
        11⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
        12⤵
        
        PID:10512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 236
        12⤵
        
        PID:12136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
        11⤵
        
        PID:9028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
        10⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
        9⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
        8⤵
        Program crash
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2728.exe
        7⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45863.exe
        8⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18521.exe
        9⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28332.exe
        10⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41465.exe
        11⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35631.exe
        12⤵
        
        PID:12788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10344 -s 216
        12⤵
        
        PID:12920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 216
        11⤵
        
        PID:10592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
        10⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 216
        9⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 236
        8⤵
        
        PID:5064
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
        6⤵
        Program crash
        
        PID:3008
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27893.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2996
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 220
        5⤵
        Program crash
        
        PID:676
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42864.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42864.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55927.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42601.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17106.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15876.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49433.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40850.exe
        9⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41831.exe
        10⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64052.exe
        11⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40283.exe
        12⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56895.exe
        13⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53100.exe
        14⤵
        
        PID:12260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9384 -s 216
        14⤵
        
        PID:12376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 216
        13⤵
        
        PID:9660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
        12⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 236
        11⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 236
        10⤵
        Program crash
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38301.exe
        9⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59693.exe
        10⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57493.exe
        11⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42821.exe
        12⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9550.exe
        13⤵
        
        PID:10660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 236
        13⤵
        
        PID:12284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 236
        12⤵
        
        PID:9312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 216
        11⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 216
        10⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 240
        9⤵
        Program crash
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29152.exe
        8⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58359.exe
        9⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13185.exe
        10⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44935.exe
        11⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58441.exe
        12⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42083.exe
        13⤵
        
        PID:11300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 236
        13⤵
        
        PID:11600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 216
        12⤵
        
        PID:9856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
        11⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 216
        10⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 236
        9⤵
        Program crash
        
        PID:3432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
        8⤵
        Program crash
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37735.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6205.exe
        8⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32619.exe
        9⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49411.exe
        10⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15671.exe
        11⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11107.exe
        12⤵
        
        PID:11312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9348 -s 216
        12⤵
        
        PID:12388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 216
        11⤵
        
        PID:9588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 216
        10⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
        9⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 236
        8⤵
        Program crash
        
        PID:3736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 240
        7⤵
        Program crash
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4178.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16377.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24514.exe
        8⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 240
        9⤵
        Program crash
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7741.exe
        8⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6299.exe
        9⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6149.exe
        10⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34430.exe
        11⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35944.exe
        12⤵
        
        PID:11524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8752 -s 216
        12⤵
        
        PID:924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
        11⤵
        
        PID:9892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
        10⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 216
        9⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 220
        8⤵
        Program crash
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12816.exe
        7⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3102.exe
        8⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22122.exe
        9⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35947.exe
        10⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5218.exe
        11⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
        12⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13337.exe
        13⤵
        
        PID:12576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10988 -s 216
        13⤵
        
        PID:12752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 216
        12⤵
        
        PID:11656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
        11⤵
        
        PID:8448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
        10⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 216
        9⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2448.exe
        8⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44359.exe
        9⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63921.exe
        10⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63406.exe
        11⤵
        
        PID:10836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8452 -s 236
        11⤵
        
        PID:11436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
        10⤵
        
        PID:9816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
        9⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 220
        8⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 220
        7⤵
        Program crash
        
        PID:572
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 240
        6⤵
        Program crash
        
        PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5408.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48548.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40881.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49018.exe
        8⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
        9⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10746.exe
        10⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28355.exe
        11⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45566.exe
        12⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30614.exe
        13⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60488.exe
        14⤵
        
        PID:13276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10856 -s 216
        14⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7940 -s 216
        13⤵
        
        PID:11372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 220
        12⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
        11⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 236
        10⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51457.exe
        9⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25719.exe
        10⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64004.exe
        11⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47838.exe
        12⤵
        
        PID:11240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8384 -s 236
        12⤵
        
        PID:12068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 236
        10⤵
        
        PID:7372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
        9⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54638.exe
        8⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24696.exe
        9⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62760.exe
        10⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28633.exe
        11⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58185.exe
        12⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29876.exe
        13⤵
        
        PID:12900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10444 -s 216
        13⤵
        
        PID:13008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 216
        12⤵
        
        PID:10764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
        11⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
        10⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 236
        9⤵
        
        PID:4164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 240
        8⤵
        Program crash
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37320.exe
        7⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-990.exe
        8⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38396.exe
        9⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10726.exe
        10⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58550.exe
        11⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44112.exe
        12⤵
        
        PID:11460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8684 -s 216
        12⤵
        
        PID:4336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 216
        11⤵
        
        PID:9884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
        10⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 236
        9⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 236
        8⤵
        Program crash
        
        PID:3484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
        7⤵
        Program crash
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29567.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56994.exe
        7⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
        8⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44234.exe
        9⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11110.exe
        10⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34430.exe
        11⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35752.exe
        12⤵
        
        PID:11488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8760 -s 216
        12⤵
        
        PID:12040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
        11⤵
        
        PID:9900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 216
        10⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 236
        9⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
        8⤵
        Program crash
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46662.exe
        7⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58349.exe
        8⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-752.exe
        9⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17539.exe
        10⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20589.exe
        11⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8300 -s 216
        11⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 236
        10⤵
        
        PID:10104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 216
        9⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 236
        8⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 240
        7⤵
        Program crash
        
        PID:3776
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
        6⤵
        Program crash
        
        PID:2448
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 240
        5⤵
        Program crash
        
        PID:1156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25274.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22975.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16377.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8177.exe
        8⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5214.exe
        9⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7311.exe
        10⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10288.exe
        11⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37054.exe
        12⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27432.exe
        13⤵
        
        PID:13244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10500 -s 216
        13⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 216
        12⤵
        
        PID:11048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
        11⤵
        
        PID:8900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 236
        10⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 236
        9⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2588.exe
        8⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4633.exe
        9⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60228.exe
        10⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37580.exe
        11⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57905.exe
        12⤵
        
        PID:11260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8252 -s 216
        12⤵
        
        PID:11884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
        11⤵
        
        PID:9708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 236
        10⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 216
        9⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
        8⤵
        Program crash
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4648.exe
        7⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52111.exe
        8⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50051.exe
        9⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24354.exe
        10⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25696.exe
        11⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17698.exe
        12⤵
        
        PID:10456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 216
        12⤵
        
        PID:12104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 216
        11⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
        10⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 236
        9⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45754.exe
        8⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2236.exe
        9⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20346.exe
        10⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52804.exe
        11⤵
        
        PID:10804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 216
        11⤵
        
        PID:11472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
        10⤵
        
        PID:9416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
        9⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 240
        8⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
        7⤵
        Program crash
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12847.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40850.exe
        7⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57783.exe
        8⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28365.exe
        9⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23947.exe
        10⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51031.exe
        11⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50625.exe
        12⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9496 -s 216
        12⤵
        
        PID:12448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 216
        11⤵
        
        PID:9880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        10⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 216
        9⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 236
        8⤵
        Program crash
        
        PID:4048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 216
        7⤵
        Program crash
        
        PID:3760
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 220
        6⤵
        Program crash
        
        PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28682.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16860.exe
        7⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30944.exe
        8⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7695.exe
        9⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22934.exe
        10⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57277.exe
        11⤵
        
        PID:10416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 220
        11⤵
        
        PID:12096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
        10⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        9⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 216
        8⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19630.exe
        7⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7695.exe
        8⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34985.exe
        9⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53582.exe
        10⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60820.exe
        11⤵
        
        PID:12868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10596 -s 216
        11⤵
        
        PID:8012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 216
        10⤵
        
        PID:11200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
        9⤵
        
        PID:8852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
        8⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
        7⤵
        
        PID:4264
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 236
        6⤵
        Program crash
        
        PID:2152
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
        5⤵
        Program crash
        
        PID:548
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2936
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28863.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28863.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61827.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61827.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1184.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2969.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45821.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34379.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19444.exe
        8⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40134.exe
        9⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17239.exe
        10⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37922.exe
        11⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24807.exe
        12⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30914.exe
        13⤵
        
        PID:12620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9692 -s 216
        13⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 216
        12⤵
        
        PID:10880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 236
        11⤵
        
        PID:8120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 236
        10⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 236
        9⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36988.exe
        8⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33383.exe
        9⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21202.exe
        10⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39031.exe
        11⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55693.exe
        12⤵
        
        PID:12564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9560 -s 216
        12⤵
        
        PID:12732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 216
        11⤵
        
        PID:10768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 236
        10⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 236
        9⤵
        
        PID:5824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 240
        8⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62915.exe
        7⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48302.exe
        8⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49527.exe
        9⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48098.exe
        10⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6358.exe
        11⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30722.exe
        12⤵
        
        PID:12592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9472 -s 216
        12⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 216
        11⤵
        
        PID:10484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 216
        10⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
        9⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
        8⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
        7⤵
        Program crash
        
        PID:3312
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 216
        6⤵
        Program crash
        
        PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51459.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40990.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11986.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49148.exe
        8⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8634.exe
        9⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62236.exe
        10⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3433.exe
        11⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6400.exe
        12⤵
        
        PID:11092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 216
        12⤵
        
        PID:11756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
        11⤵
        
        PID:9532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
        10⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 216
        9⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 236
        8⤵
        Program crash
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4970.exe
        7⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57944.exe
        8⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61219.exe
        9⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61710.exe
        10⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39467.exe
        11⤵
        
        PID:10828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10828 -s 188
        12⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 216
        11⤵
        
        PID:11364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
        10⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
        9⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 236
        8⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
        7⤵
        Program crash
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-289.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33004.exe
        7⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49968.exe
        8⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30555.exe
        9⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51430.exe
        10⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3613.exe
        11⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14105.exe
        12⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10704 -s 216
        12⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 220
        11⤵
        
        PID:11284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 216
        10⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
        9⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 216
        8⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
        7⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60451.exe
        8⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4917.exe
        9⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6026.exe
        10⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55652.exe
        11⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 220
        10⤵
        
        PID:11628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 216
        9⤵
        
        PID:9180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
        8⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
        7⤵
        
        PID:4844
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 240
        6⤵
        Program crash
        
        PID:2320
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
        5⤵
        Program crash
        
        PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48641.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62772.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64617.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28131.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57316.exe
        8⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10746.exe
        9⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8676.exe
        10⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4009.exe
        11⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61548.exe
        12⤵
        
        PID:10932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7252 -s 216
        12⤵
        
        PID:11540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 216
        11⤵
        
        PID:9396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
        10⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 216
        9⤵
        
        PID:5768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 236
        8⤵
        Program crash
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4970.exe
        7⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3040.exe
        8⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56512.exe
        9⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34985.exe
        10⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20526.exe
        11⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15013.exe
        12⤵
        
        PID:13064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10528 -s 216
        12⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 216
        11⤵
        
        PID:11144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
        10⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
        9⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 236
        8⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
        7⤵
        Program crash
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24601.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49148.exe
        7⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38458.exe
        8⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60804.exe
        9⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53231.exe
        10⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57905.exe
        11⤵
        
        PID:11204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8280 -s 216
        11⤵
        
        PID:11900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 216
        10⤵
        
        PID:9716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
        9⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 236
        7⤵
        Program crash
        
        PID:3816
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
        6⤵
        Program crash
        
        PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52920.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11794.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41940.exe
        7⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55977.exe
        8⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16087.exe
        9⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20626.exe
        10⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33359.exe
        11⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47442.exe
        12⤵
        
        PID:12648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
        12⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
        11⤵
        
        PID:11004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
        10⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
        9⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
        8⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61685.exe
        7⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57311.exe
        8⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4481.exe
        9⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33551.exe
        10⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63970.exe
        11⤵
        
        PID:12680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10124 -s 216
        11⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 236
        10⤵
        
        PID:11012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 236
        9⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 236
        8⤵
        
        PID:5752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
        7⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38410.exe
        6⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55977.exe
        7⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40591.exe
        8⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53490.exe
        9⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58932.exe
        10⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8521.exe
        11⤵
        
        PID:12708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9872 -s 216
        11⤵
        
        PID:12748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 216
        10⤵
        
        PID:10996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
        9⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
        8⤵
        
        PID:5592
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
        6⤵
        Program crash
        
        PID:3364
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
        5⤵
        Program crash
        
        PID:1316
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
      4⤵
      Program crash
      PID:468
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
  2⤵
  - Program crash
  PID:2672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-3274.exe

Filesize
184KB

MD5
e15357b36d501b405ab3ccb324a9fcc0

SHA1
6b18c71ca4ce2c01424e4501e9adb12e9ce2675d

SHA256
e7635c3d717052f59d73fcc0acc496911306b7d77f1e7071490a52c08d222362

SHA512
f4e28f243fdf64b9da29aa7f70a19820c668614ce018415656c10374d2a4fd65ba055dc0574500d8a3b38e02fef511bc5dbba662168325262c8f8e69948d7cca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe

Filesize
184KB

MD5
bd334e806deaafc8a5ce68681c9dd2cd

SHA1
e6a9ed54d7bfea98dfe6a60733dec14a809a87b1

SHA256
f7f9dcdb036c24c16023998f0ce1b94de545220671c921ae0c3361a11df74f39

SHA512
a596a5af6cbd60a4c68022de5745a982d47e3980517ed050c7d8fec05b1778b3d0e16b2d8b7e97a71c9bdec29185f07ae7e0b18441d9416665bd84afbe70cc68

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42601.exe

Filesize
184KB

MD5
707f30c8a86a004ee8ca06679e292ef1

SHA1
75ac9a7d3bdf330c802718b219d90fde8bddf56e

SHA256
f12a738213c7ca3a81cdc608149b930d8fa6346cc8e20041d364f7d9d27694af

SHA512
c0b5725632f04cbd01e691fd1976dcd2c44a0d6489ec919113b83395e5c34c3efdd2c75a0522c49863cc755cf3fbe20aab98114532e46b598ad088e77e2959f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42864.exe

Filesize
184KB

MD5
09bede3d9c5cda2ab2be9e766dd4e6c4

SHA1
585c2aa6363c7a879f409b88b185a9f2dd8abb18

SHA256
4593cd9824a7c3ebcd0ada94494843a3d6a329d1b48738627496281e1555d65e

SHA512
fd2deab74669a52da3b1541b1b6a58443b16699b5de032c7a4b1117c2a325339c586a997cbe958578934a60df51ca2b9ac535a0350576026b656d5b2f626a58f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47048.exe

Filesize
184KB

MD5
60a0a75d6adb92074a00fe6df0b2fe47

SHA1
2feb664260f67946809593eea5bd63793ce0d61b

SHA256
ddff6c22e98ff96c2bc391eface840dcc99285235f839590e694cc63f707e15f

SHA512
05b8052e5ec8055699b95047afbd0592d465ea7d2f6ac0a5ffda1a8f6f012833a976746f76aec94e224e8499231dcf178ea7769eb8f6d728625b03e5d86642c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe

Filesize
184KB

MD5
74e474873d149740031129d664f5acb5

SHA1
dccbe19408da94c094e787b5e43d2e017871230d

SHA256
473205ba461dd98650fb45447b7cbb667f3db8f24de979be6abb17242bab63d4

SHA512
b8772f9fa149fdb9abe79b8db31911f713bd4cce99908ad9efd10b9616c450c5b43d4c8398f6e3f6c2abe7e9ff2f4332ef99dbf55edb479c2d41b2361525469e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62760.exe

Filesize
184KB

MD5
0d866fce827edb0239576e6dd93430b9

SHA1
8fa9f8ea08b655c45615c2fb411a924b9ddcbd41

SHA256
096f453d2e3961fe4e2bc0449b8a0bb3951f592e85620c87b8e2b8ee29aca0e4

SHA512
1e33749a69ce7c2e42611c3532633e684e10da9286c11811bf24b3d46ffe0f6298fd01164236951b18a32f6bce73ffdfd801d6ba8beeaeca866c626dc398849a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6299.exe

Filesize
184KB

MD5
abcdf323566a040a2d9c1977a6e5cc3e

SHA1
c1b03668d634f563a96fbc8d06c4fb672e9a8e7c

SHA256
2b77f69103e460672e167bf21f260b50e5e223f0afae57005d1a854dea045ef1

SHA512
bb6c5afb998d46628b181ba77e4028f4774756e735b79e18f4d19803aef54ebe499646d3dcd8d131880b51e2673701a47fb78db6a1ddedd16f060711113e8c2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64004.exe

Filesize
184KB

MD5
6e462117406162cbf7160c18176e1f89

SHA1
9ec851ec9de8d5c6669f807005869ee46b92af86

SHA256
f9a122ecfb208e6ce33143e7d51f5a416cd523402120f2f51590e5beb7ac1370

SHA512
698a380bd93e249e9a176e0eed189ef890d3dbd96bef07d16b62f186e46cb9acafebfbf63fb9daa1bdab160af3f69e04662de597721e6ce2b3241ff27a085409

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64042.exe

Filesize
184KB

MD5
c12889d7c724cd2e2c0cc82c0f0b6fc8

SHA1
9f41102374049befeec78b76225049068ff8ad38

SHA256
e2a401e41d0637044acee69d83383f4932f75ea5910e7f102ba26a5e40fb32de

SHA512
64cdb7cb43309e9fe0e49dafcc8686606d99b99a1aaf33dbeb04de238031c3a7a18f243038a219666bce2fa6307231296f820149518dc94b41f0ef52092d8b66

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1184.exe

Filesize
184KB

MD5
a3bf9643e299ac8734ddc8b15fcfa0e6

SHA1
b15a7e376a3b028ed406dad0f2ff9df66bee0867

SHA256
afdf88c602633406c7079a0e44a602c99a77481889398dbba5d1aa0b751dca39

SHA512
7a1cd7e6835044dbf90346b2c17a49cba95bb0feeb82007ddd02f272006b41290395fa4796ac430fe1bec8fc6fc1730e55363658b42cc1065d55f78e2807557c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26991.exe

Filesize
184KB

MD5
0b91c7de5dd5f3a618b76fd4a6255548

SHA1
9a1918324bb8961f320718870210be0c5f6c3a99

SHA256
89fcd048e38e780027e894909610dad978274c7b32c3997c2500d552cf54bc63

SHA512
5e53d3a6e9977e954f9a1611382a3a9c95472987e6c85628d1158716241da13bd9a12f97fb74a44f81b529cccdd180b3c3b78bdc4131ffbd19a56ce3e9f22446

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27893.exe

Filesize
184KB

MD5
e205602bcac07c5650ec11b2d6c6071e

SHA1
ff72c8edde84c65bb2dca072a324b16e4384662e

SHA256
a48e720eb26f26b7944c65e6029b03a711a83c4e8d02f5fe21ad21c011e3f92f

SHA512
5fa21e9a0dc240fcc1abfe5d3caec29789f9342506cda92cc1b34034812363bd576f911088805c2dd0c3ef118ac1cfbaf4b0cf110c2c4d5baa7f3e9359d87406

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28392.exe

Filesize
184KB

MD5
d73bcb622d7032a2423a8155f9792964

SHA1
8c299fea9dfbd775668e048f63d3918e3e748b90

SHA256
a00e76571b62aa00a3ef05d97cb6ecdf7ee74209d7ab3cbcbb56f35d9c78025c

SHA512
bb8258c90433d0979d55588ad7ee421bca4de8411171096b29cea4171cffd67417b76b46e40c888a1f2d56402e06189367bb1f109cee0f60aedbe0092f64160d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28863.exe

Filesize
184KB

MD5
10b66b9203678e742cf4e20f670e725a

SHA1
1f034c4d965d68199bd51b11b8ade91e75a92fb3

SHA256
16be0a3b654a35388871e24f3071ccf5dd41061399ac18506c2ee206b3a700e6

SHA512
583da33498f5cb8825d04b8595ba55c27934359910adcfe1dac7fa30bffd6230f214bbb81a4bd5e5eb80832a1b0d81f5af4885f9668f945bea831d9cd69da892

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe

Filesize
184KB

MD5
9da13435f0092a7fc929dee96e901ed3

SHA1
79ab9e221fec0dbb33443b1957f3c652a99a7cb3

SHA256
6eaba30eccceafc99d316f3be254c031ff097a51766b071d401dda15ef927551

SHA512
e52b402be23cc8ba9538931fb8d9442b77c6a0068067767b57e56073843258e195939e6f8b16c909c1d4fbb8ab861867d7a2ca5c9428117b13cbd6849ea0c9ba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31423.exe

Filesize
184KB

MD5
8f3d9ba2199b5508ee2418e2ff461d81

SHA1
69f24142d813c290e4d442cc8dd9f9113cabf0cd

SHA256
51bfa66de57d94cbd33976d410cb26c75874bea4b1cfad7db67382bfd49e6cee

SHA512
fc130c5e6f6436a3175f802b831d1ac179ec73e7e32728fc3092fca5f73bb0a2916f11c2622e3086a14e7de10c6e2b1536fd481f37405316976c6f2513f9454f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54178.exe

Filesize
184KB

MD5
9946b1f650ca61705f9c1b28309841d9

SHA1
7661f033cd0282dad24fd98b61ed64cf9846c47f

SHA256
d0788ff6d6d8bfb5153a5d2a9618a01ad39b888c19689eaafeaf130a5eacb304

SHA512
516e3a65f2ba6822fe39b220ae517ba42368da3f9baa5397e9b9ebf47a172ec43266f1f8cc33e45ce60bc996f731497bd44c0ca08bb4ce7b71259381796acb4d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55927.exe

Filesize
184KB

MD5
e18c1bf11f1d52853679d750f0ff9e5f

SHA1
fff101d183ffcf4f068e0d15f18a0cdabcb2910c

SHA256
7972095515ffa14b0088dbbc605cce327385ccf4d9d56c2b499b6e6b8e3ba4cf

SHA512
1fcf6c3bba91b4aed5a90dc605bd29aa46e7365024e5ed7a35f683b9b84f8b9824a984a8702143e69f087c0911e5ca82f3c4d73660d06e126bc2c1a4d3b84bcb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61827.exe

Filesize
184KB

MD5
dff2e705eec2416f63268cedd0b6e073

SHA1
e804f87e08e71ba9d33c9adc94e3283caa95503b

SHA256
4b962151785e0c4b98ede611e2bfc7a30e9c9f2ef84d1482b3121ac6e0035437

SHA512
2269c5b5537c6224e031e8f588cf197c61ffd07393d68a290507b48a18a59882591022130b358b1ae16031a70527c50ac5e3788495fb613a46e1cbb323688f64

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads