4b2c9546a3676505919118ff5c68174a759baad960106373e9e6f7bed42e4e99

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
02-06-2024 21:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a2d8050a9a01af2e65b828a4bbdfed0_NeikiAnalytics.exe
Size

184KB
MD5

6a2d8050a9a01af2e65b828a4bbdfed0
SHA1

0473eec7d42d1a413147a1766ab887ca584a0a06
SHA256

4b2c9546a3676505919118ff5c68174a759baad960106373e9e6f7bed42e4e99
SHA512

04aaa022c863d0bcfca821377d42f3c11e80eac969f3bd9f3d4df0af7cf6e45b7422770e8258c04b12eaf57672651ac5162eae78f4a71e254f8f83c6cf9c974c
SSDEEP

1536:67zv6j5Z/3Kxoy0JOZDAFYwMUVIyGZclRmd82jLa2RzeHMtlShj5mizpv9:s233KxoToZDRdUife0jLaWqMtlowiFl

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
860	Unicorn-19236.exe
1884	Unicorn-18804.exe
2160	Unicorn-7943.exe
3008	Unicorn-6080.exe
2636	Unicorn-16195.exe
2508	Unicorn-27055.exe
2360	Unicorn-6127.exe
2440	Unicorn-29240.exe
1312	Unicorn-10211.exe
2696	Unicorn-55883.exe
1996	Unicorn-25178.exe
2664	Unicorn-61140.exe
1780	Unicorn-54918.exe
2876	Unicorn-32360.exe
1832	Unicorn-8410.exe
2200	Unicorn-42666.exe
2244	Unicorn-53527.exe
588	Unicorn-38582.exe
584	Unicorn-49443.exe
2008	Unicorn-32635.exe
1476	Unicorn-43495.exe
1612	Unicorn-22329.exe
1748	Unicorn-33189.exe
888	Unicorn-13968.exe
1812	Unicorn-39219.exe
1048	Unicorn-20191.exe
988	Unicorn-43303.exe
884	Unicorn-28359.exe
608	Unicorn-63169.exe
2944	Unicorn-8493.exe
1592	Unicorn-7746.exe
2260	Unicorn-22412.exe
2284	Unicorn-3937.exe
2120	Unicorn-14798.exe
2656	Unicorn-24358.exe
2628	Unicorn-35218.exe
2392	Unicorn-42832.exe
2208	Unicorn-53693.exe
2888	Unicorn-18882.exe
2700	Unicorn-46916.exe
2604	Unicorn-48862.exe
2012	Unicorn-29018.exe
2740	Unicorn-35794.exe
2084	Unicorn-55660.exe
2032	Unicorn-37186.exe
1604	Unicorn-13236.exe
2912	Unicorn-43963.exe
2856	Unicorn-33102.exe
2196	Unicorn-12681.exe
1280	Unicorn-58353.exe
1848	Unicorn-15395.exe
952	Unicorn-5644.exe
2308	Unicorn-21426.exe
2968	Unicorn-7035.exe
2028	Unicorn-64959.exe
1264	Unicorn-50014.exe
1724	Unicorn-60896.exe
1896	Unicorn-38338.exe
2520	Unicorn-59505.exe
2780	Unicorn-46506.exe
2964	Unicorn-54674.exe
2932	Unicorn-10112.exe
2692	Unicorn-60704.exe
2748	Unicorn-56620.exe

Loads dropped DLL 64 IoCs

pid	Process
2168	6a2d8050a9a01af2e65b828a4bbdfed0_NeikiAnalytics.exe
2168	6a2d8050a9a01af2e65b828a4bbdfed0_NeikiAnalytics.exe
860	Unicorn-19236.exe
2168	6a2d8050a9a01af2e65b828a4bbdfed0_NeikiAnalytics.exe
2168	6a2d8050a9a01af2e65b828a4bbdfed0_NeikiAnalytics.exe
860	Unicorn-19236.exe
1884	Unicorn-18804.exe
1884	Unicorn-18804.exe
2160	Unicorn-7943.exe
2160	Unicorn-7943.exe
860	Unicorn-19236.exe
860	Unicorn-19236.exe
2548	WerFault.exe
2548	WerFault.exe
2548	WerFault.exe
2548	WerFault.exe
2548	WerFault.exe
2636	Unicorn-16195.exe
2636	Unicorn-16195.exe
2160	Unicorn-7943.exe
2160	Unicorn-7943.exe
3008	Unicorn-6080.exe
3008	Unicorn-6080.exe
2508	Unicorn-27055.exe
1884	Unicorn-18804.exe
2508	Unicorn-27055.exe
1884	Unicorn-18804.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2624	WerFault.exe
2624	WerFault.exe
2624	WerFault.exe
2332	WerFault.exe
2624	WerFault.exe
2624	WerFault.exe
2440	Unicorn-29240.exe
2440	Unicorn-29240.exe
2696	Unicorn-55883.exe
2696	Unicorn-55883.exe
2360	Unicorn-6127.exe
2360	Unicorn-6127.exe
2636	Unicorn-16195.exe
1312	Unicorn-10211.exe
2636	Unicorn-16195.exe
1312	Unicorn-10211.exe
3008	Unicorn-6080.exe
3008	Unicorn-6080.exe
1996	Unicorn-25178.exe
1996	Unicorn-25178.exe
2508	Unicorn-27055.exe
2508	Unicorn-27055.exe
1752	WerFault.exe
1752	WerFault.exe
1752	WerFault.exe
1752	WerFault.exe
1752	WerFault.exe
452	WerFault.exe
452	WerFault.exe
452	WerFault.exe
452	WerFault.exe
452	WerFault.exe
1992	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
1236	2168	WerFault.exe	27
2548	860	WerFault.exe	28
2332	1884	WerFault.exe	30
2624	2160	WerFault.exe	29
1752	2636	WerFault.exe	33
452	3008	WerFault.exe	32
1992	2508	WerFault.exe	34
1796	2440	WerFault.exe	37
1820	2696	WerFault.exe	40
2272	2360	WerFault.exe	36
2816	1312	WerFault.exe	38
2472	1996	WerFault.exe	39
2576	1748	WerFault.exe	57
2908	2664	WerFault.exe	43
2328	1780	WerFault.exe	44
1744	2876	WerFault.exe	45
1740	588	WerFault.exe	49
904	1832	WerFault.exe	46
596	2200	WerFault.exe	47
352	584	WerFault.exe	50
1380	2244	WerFault.exe	48
2164	2008	WerFault.exe	54
1732	1476	WerFault.exe	55
2128	1612	WerFault.exe	56
2524	888	WerFault.exe	58
2424	1812	WerFault.exe	59
2484	988	WerFault.exe	61
2044	1048	WerFault.exe	60
1868	2944	WerFault.exe	64
2124	884	WerFault.exe	63
2452	608	WerFault.exe	62
2772	1592	WerFault.exe	65
2088	2260	WerFault.exe	68
808	2120	WerFault.exe	71
3188	2284	WerFault.exe	70
3272	2656	WerFault.exe	75
3280	2208	WerFault.exe	78
3344	2392	WerFault.exe	77
3352	2084	WerFault.exe	83
3396	2888	WerFault.exe	79
3412	2628	WerFault.exe	76
3484	2604	WerFault.exe	81
3492	2912	WerFault.exe	87
3500	2032	WerFault.exe	85
3508	2740	WerFault.exe	84
3516	1280	WerFault.exe	90
3824	2552	WerFault.exe	146
3240	2700	WerFault.exe	80
3320	1848	WerFault.exe	93
3368	2968	WerFault.exe	102
3404	2196	WerFault.exe	89
3472	2964	WerFault.exe	109
3544	1100	WerFault.exe	121
3572	2748	WerFault.exe	112
3648	1888	WerFault.exe	116
3704	780	WerFault.exe	122
3728	2932	WerFault.exe	110
3756	1800	WerFault.exe	120
3768	2732	WerFault.exe	114
3956	1716	WerFault.exe	118
4084	1604	WerFault.exe	86
3100	2780	WerFault.exe	108
3112	1028	WerFault.exe	119
3596	2500	WerFault.exe	123

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2168	6a2d8050a9a01af2e65b828a4bbdfed0_NeikiAnalytics.exe
860	Unicorn-19236.exe
1884	Unicorn-18804.exe
2160	Unicorn-7943.exe
2636	Unicorn-16195.exe
3008	Unicorn-6080.exe
2508	Unicorn-27055.exe
2360	Unicorn-6127.exe
2440	Unicorn-29240.exe
1312	Unicorn-10211.exe
2696	Unicorn-55883.exe
1996	Unicorn-25178.exe
2664	Unicorn-61140.exe
1780	Unicorn-54918.exe
2876	Unicorn-32360.exe
1832	Unicorn-8410.exe
2200	Unicorn-42666.exe
2244	Unicorn-53527.exe
588	Unicorn-38582.exe
584	Unicorn-49443.exe
2008	Unicorn-32635.exe
1476	Unicorn-43495.exe
1748	Unicorn-33189.exe
1612	Unicorn-22329.exe
888	Unicorn-13968.exe
1812	Unicorn-39219.exe
1048	Unicorn-20191.exe
988	Unicorn-43303.exe
884	Unicorn-28359.exe
608	Unicorn-63169.exe
1592	Unicorn-7746.exe
2944	Unicorn-8493.exe
2260	Unicorn-22412.exe
2120	Unicorn-14798.exe
2284	Unicorn-3937.exe
2656	Unicorn-24358.exe
2628	Unicorn-35218.exe
2392	Unicorn-42832.exe
2208	Unicorn-53693.exe
2888	Unicorn-18882.exe
2700	Unicorn-46916.exe
2604	Unicorn-48862.exe
2032	Unicorn-37186.exe
2084	Unicorn-55660.exe
2012	Unicorn-29018.exe
2740	Unicorn-35794.exe
2912	Unicorn-43963.exe
1604	Unicorn-13236.exe
2196	Unicorn-12681.exe
2856	Unicorn-33102.exe
1280	Unicorn-58353.exe
1848	Unicorn-15395.exe
952	Unicorn-5644.exe
2308	Unicorn-21426.exe
2968	Unicorn-7035.exe
2028	Unicorn-64959.exe
1264	Unicorn-50014.exe
1724	Unicorn-60896.exe
1896	Unicorn-38338.exe
2520	Unicorn-59505.exe
2780	Unicorn-46506.exe
2964	Unicorn-54674.exe
2932	Unicorn-10112.exe
2692	Unicorn-60704.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 860	2168	6a2d8050a9a01af2e65b828a4bbdfed0_NeikiAnalytics.exe	28
PID 2168 wrote to memory of 860	2168	6a2d8050a9a01af2e65b828a4bbdfed0_NeikiAnalytics.exe	28
PID 2168 wrote to memory of 860	2168	6a2d8050a9a01af2e65b828a4bbdfed0_NeikiAnalytics.exe	28
PID 2168 wrote to memory of 860	2168	6a2d8050a9a01af2e65b828a4bbdfed0_NeikiAnalytics.exe	28
PID 2168 wrote to memory of 1884	2168	6a2d8050a9a01af2e65b828a4bbdfed0_NeikiAnalytics.exe	30
PID 2168 wrote to memory of 1884	2168	6a2d8050a9a01af2e65b828a4bbdfed0_NeikiAnalytics.exe	30
PID 2168 wrote to memory of 1884	2168	6a2d8050a9a01af2e65b828a4bbdfed0_NeikiAnalytics.exe	30
PID 2168 wrote to memory of 1884	2168	6a2d8050a9a01af2e65b828a4bbdfed0_NeikiAnalytics.exe	30
PID 860 wrote to memory of 2160	860	Unicorn-19236.exe	29
PID 860 wrote to memory of 2160	860	Unicorn-19236.exe	29
PID 860 wrote to memory of 2160	860	Unicorn-19236.exe	29
PID 860 wrote to memory of 2160	860	Unicorn-19236.exe	29
PID 2168 wrote to memory of 1236	2168	6a2d8050a9a01af2e65b828a4bbdfed0_NeikiAnalytics.exe	31
PID 2168 wrote to memory of 1236	2168	6a2d8050a9a01af2e65b828a4bbdfed0_NeikiAnalytics.exe	31
PID 2168 wrote to memory of 1236	2168	6a2d8050a9a01af2e65b828a4bbdfed0_NeikiAnalytics.exe	31
PID 2168 wrote to memory of 1236	2168	6a2d8050a9a01af2e65b828a4bbdfed0_NeikiAnalytics.exe	31
PID 1884 wrote to memory of 3008	1884	Unicorn-18804.exe	32
PID 1884 wrote to memory of 3008	1884	Unicorn-18804.exe	32
PID 1884 wrote to memory of 3008	1884	Unicorn-18804.exe	32
PID 1884 wrote to memory of 3008	1884	Unicorn-18804.exe	32
PID 2160 wrote to memory of 2636	2160	Unicorn-7943.exe	33
PID 2160 wrote to memory of 2636	2160	Unicorn-7943.exe	33
PID 2160 wrote to memory of 2636	2160	Unicorn-7943.exe	33
PID 2160 wrote to memory of 2636	2160	Unicorn-7943.exe	33
PID 860 wrote to memory of 2508	860	Unicorn-19236.exe	34
PID 860 wrote to memory of 2508	860	Unicorn-19236.exe	34
PID 860 wrote to memory of 2508	860	Unicorn-19236.exe	34
PID 860 wrote to memory of 2508	860	Unicorn-19236.exe	34
PID 860 wrote to memory of 2548	860	Unicorn-19236.exe	35
PID 860 wrote to memory of 2548	860	Unicorn-19236.exe	35
PID 860 wrote to memory of 2548	860	Unicorn-19236.exe	35
PID 860 wrote to memory of 2548	860	Unicorn-19236.exe	35
PID 2636 wrote to memory of 2360	2636	Unicorn-16195.exe	36
PID 2636 wrote to memory of 2360	2636	Unicorn-16195.exe	36
PID 2636 wrote to memory of 2360	2636	Unicorn-16195.exe	36
PID 2636 wrote to memory of 2360	2636	Unicorn-16195.exe	36
PID 2160 wrote to memory of 2440	2160	Unicorn-7943.exe	37
PID 2160 wrote to memory of 2440	2160	Unicorn-7943.exe	37
PID 2160 wrote to memory of 2440	2160	Unicorn-7943.exe	37
PID 2160 wrote to memory of 2440	2160	Unicorn-7943.exe	37
PID 3008 wrote to memory of 1312	3008	Unicorn-6080.exe	38
PID 3008 wrote to memory of 1312	3008	Unicorn-6080.exe	38
PID 3008 wrote to memory of 1312	3008	Unicorn-6080.exe	38
PID 3008 wrote to memory of 1312	3008	Unicorn-6080.exe	38
PID 2508 wrote to memory of 1996	2508	Unicorn-27055.exe	39
PID 2508 wrote to memory of 1996	2508	Unicorn-27055.exe	39
PID 2508 wrote to memory of 1996	2508	Unicorn-27055.exe	39
PID 2508 wrote to memory of 1996	2508	Unicorn-27055.exe	39
PID 1884 wrote to memory of 2696	1884	Unicorn-18804.exe	40
PID 1884 wrote to memory of 2696	1884	Unicorn-18804.exe	40
PID 1884 wrote to memory of 2696	1884	Unicorn-18804.exe	40
PID 1884 wrote to memory of 2696	1884	Unicorn-18804.exe	40
PID 1884 wrote to memory of 2332	1884	Unicorn-18804.exe	41
PID 1884 wrote to memory of 2332	1884	Unicorn-18804.exe	41
PID 1884 wrote to memory of 2332	1884	Unicorn-18804.exe	41
PID 1884 wrote to memory of 2332	1884	Unicorn-18804.exe	41
PID 2160 wrote to memory of 2624	2160	Unicorn-7943.exe	42
PID 2160 wrote to memory of 2624	2160	Unicorn-7943.exe	42
PID 2160 wrote to memory of 2624	2160	Unicorn-7943.exe	42
PID 2160 wrote to memory of 2624	2160	Unicorn-7943.exe	42
PID 2440 wrote to memory of 2664	2440	Unicorn-29240.exe	43
PID 2440 wrote to memory of 2664	2440	Unicorn-29240.exe	43
PID 2440 wrote to memory of 2664	2440	Unicorn-29240.exe	43
PID 2440 wrote to memory of 2664	2440	Unicorn-29240.exe	43

C:\Users\Admin\AppData\Local\Temp\6a2d8050a9a01af2e65b828a4bbdfed0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6a2d8050a9a01af2e65b828a4bbdfed0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19236.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19236.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7943.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16195.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6127.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32360.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13968.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46506.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61807.exe
        10⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57614.exe
        11⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47028.exe
        12⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8164.exe
        13⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18487.exe
        14⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32431.exe
        15⤵
        
        PID:10652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8560 -s 236
        15⤵
        
        PID:11300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 236
        14⤵
        
        PID:9884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
        13⤵
        
        PID:8044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
        12⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 236
        11⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13244.exe
        10⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35907.exe
        11⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19950.exe
        12⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60842.exe
        13⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39509.exe
        14⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32566.exe
        15⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11168 -s 220
        15⤵
        
        PID:8816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8712 -s 216
        14⤵
        
        PID:11408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 236
        13⤵
        
        PID:9336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
        12⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
        11⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
        10⤵
        Program crash
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23467.exe
        9⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21242.exe
        10⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63831.exe
        11⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46587.exe
        12⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32078.exe
        13⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16152.exe
        14⤵
        
        PID:12076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10064 -s 216
        14⤵
        
        PID:12168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 216
        13⤵
        
        PID:10848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
        12⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 236
        11⤵
        
        PID:6900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 236
        10⤵
        
        PID:4232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 220
        9⤵
        Program crash
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10112.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12030.exe
        9⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58081.exe
        10⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27734.exe
        11⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33624.exe
        12⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64205.exe
        13⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21684.exe
        14⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11076 -s 216
        14⤵
        
        PID:8520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8624 -s 216
        13⤵
        
        PID:11400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 236
        12⤵
        
        PID:9256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
        11⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 236
        10⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 216
        9⤵
        Program crash
        
        PID:3728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
        8⤵
        Program crash
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53693.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38338.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
        9⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
        10⤵
        Program crash
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2746.exe
        9⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43520.exe
        10⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        11⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43842.exe
        12⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41751.exe
        13⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8752 -s 236
        13⤵
        
        PID:11868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
        12⤵
        
        PID:9920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 236
        11⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
        10⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 240
        9⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29305.exe
        8⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45170.exe
        9⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20230.exe
        10⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25077.exe
        11⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56888.exe
        12⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51481.exe
        13⤵
        
        PID:2948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9180 -s 236
        13⤵
        
        PID:11296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 216
        12⤵
        
        PID:10084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
        11⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
        10⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 236
        9⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
        8⤵
        Program crash
        
        PID:3280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
        7⤵
        Program crash
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39219.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46916.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44368.exe
        8⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43586.exe
        9⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61262.exe
        10⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18004.exe
        11⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38284.exe
        12⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8782.exe
        13⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36759.exe
        14⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11136 -s 216
        14⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8684 -s 220
        13⤵
        
        PID:11472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 216
        12⤵
        
        PID:9304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
        11⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
        10⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 236
        9⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12585.exe
        8⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54189.exe
        9⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19675.exe
        10⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39462.exe
        11⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44963.exe
        12⤵
        
        PID:10736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51943.exe
        13⤵
        
        PID:12156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10736 -s 216
        13⤵
        
        PID:11368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7732 -s 216
        12⤵
        
        PID:11160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
        11⤵
        
        PID:8648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
        10⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
        9⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
        8⤵
        Program crash
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20418.exe
        7⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28367.exe
        8⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43883.exe
        9⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51854.exe
        10⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17480.exe
        11⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61875.exe
        12⤵
        
        PID:10872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10872 -s 240
        13⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8360 -s 216
        12⤵
        
        PID:10812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 216
        11⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
        10⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 236
        9⤵
        
        PID:5948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 236
        8⤵
        Program crash
        
        PID:3648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 240
        7⤵
        Program crash
        
        PID:2424
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
        6⤵
        Program crash
        
        PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8410.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20191.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29018.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18603.exe
        8⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5808.exe
        9⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58465.exe
        10⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13727.exe
        11⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48398.exe
        12⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4698.exe
        13⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65238.exe
        14⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8768 -s 220
        13⤵
        
        PID:11464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 216
        12⤵
        
        PID:9272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
        11⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 236
        10⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
        9⤵
        Program crash
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31059.exe
        8⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34345.exe
        9⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55144.exe
        10⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20194.exe
        11⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31881.exe
        12⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65238.exe
        13⤵
        
        PID:6816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8848 -s 216
        12⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
        11⤵
        
        PID:9556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
        10⤵
        
        PID:7536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 236
        9⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
        8⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46869.exe
        7⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53063.exe
        8⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5756.exe
        9⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64874.exe
        10⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36146.exe
        11⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1984.exe
        12⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24699.exe
        13⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10824 -s 216
        13⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8780 -s 216
        12⤵
        
        PID:11212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
        11⤵
        
        PID:9288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 236
        10⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 236
        9⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 236
        8⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 240
        7⤵
        Program crash
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35794.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        7⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38372.exe
        8⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37490.exe
        9⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29161.exe
        10⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
        11⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59457.exe
        12⤵
        
        PID:10692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8864 -s 216
        12⤵
        
        PID:11548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 216
        11⤵
        
        PID:9984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
        10⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
        9⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 236
        8⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 216
        7⤵
        Program crash
        
        PID:3508
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
        6⤵
        Program crash
        
        PID:904
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61140.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32635.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22412.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15395.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37905.exe
        9⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44210.exe
        10⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32207.exe
        11⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45414.exe
        12⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43629.exe
        13⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7568.exe
        14⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
        15⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8948 -s 236
        14⤵
        
        PID:11756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 216
        13⤵
        
        PID:9636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 236
        12⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
        11⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 236
        10⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50987.exe
        9⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47235.exe
        10⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23759.exe
        11⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54044.exe
        12⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43017.exe
        13⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34237.exe
        14⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10696 -s 220
        14⤵
        
        PID:8448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8056 -s 216
        13⤵
        
        PID:11008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
        12⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
        11⤵
        
        PID:7116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
        10⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 240
        9⤵
        Program crash
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48766.exe
        8⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50240.exe
        9⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-110.exe
        10⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42892.exe
        11⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20194.exe
        12⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21767.exe
        13⤵
        
        PID:11252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19846.exe
        14⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8856 -s 216
        13⤵
        
        PID:11480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 216
        12⤵
        
        PID:9540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
        11⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
        10⤵
        
        PID:5972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 236
        9⤵
        
        PID:4264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 240
        8⤵
        Program crash
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5644.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44127.exe
        8⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        9⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36867.exe
        10⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20718.exe
        11⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64589.exe
        12⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33526.exe
        13⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39987.exe
        14⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9028 -s 236
        13⤵
        
        PID:11920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 216
        12⤵
        
        PID:9652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
        11⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
        10⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
        9⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9954.exe
        8⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36867.exe
        9⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3997.exe
        10⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39737.exe
        11⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58331.exe
        12⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10355.exe
        13⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8876 -s 216
        12⤵
        
        PID:11664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 236
        11⤵
        
        PID:9548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 216
        10⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 236
        9⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 240
        8⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
        7⤵
        Program crash
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21426.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5616.exe
        8⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44594.exe
        9⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48626.exe
        10⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14002.exe
        11⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17719.exe
        12⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2197.exe
        13⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55337.exe
        14⤵
        
        PID:7980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9200 -s 236
        13⤵
        
        PID:12112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 236
        12⤵
        
        PID:9840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 236
        11⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
        10⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 236
        9⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20644.exe
        8⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34776.exe
        9⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55803.exe
        10⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32192.exe
        11⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41559.exe
        12⤵
        
        PID:10580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 216
        12⤵
        
        PID:11604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
        10⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
        9⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
        8⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30867.exe
        7⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32342.exe
        8⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30692.exe
        9⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35575.exe
        10⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27423.exe
        11⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51481.exe
        12⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28491.exe
        12⤵
        
        PID:11576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8692 -s 220
        12⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 216
        11⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
        10⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
        9⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 236
        8⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
        7⤵
        Program crash
        
        PID:808
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
        6⤵
        Program crash
        
        PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43495.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3937.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7035.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10084.exe
        8⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4137.exe
        9⤵
        
        PID:4040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 220
        10⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 236
        9⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10914.exe
        8⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60795.exe
        9⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46208.exe
        10⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23510.exe
        11⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31533.exe
        12⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12830.exe
        13⤵
        
        PID:7960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11024 -s 216
        13⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8536 -s 216
        12⤵
        
        PID:11384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 236
        11⤵
        
        PID:9236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 216
        10⤵
        
        PID:7244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
        9⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
        8⤵
        Program crash
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31251.exe
        7⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10167.exe
        8⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51688.exe
        9⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36753.exe
        10⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39675.exe
        11⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65487.exe
        12⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8908 -s 216
        12⤵
        
        PID:11564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 216
        11⤵
        
        PID:10000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
        9⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 236
        8⤵
        
        PID:4628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
        7⤵
        Program crash
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64959.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26613.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51200.exe
        8⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61994.exe
        9⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63587.exe
        10⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45321.exe
        11⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55482.exe
        12⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29390.exe
        13⤵
        
        PID:11728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10244 -s 236
        13⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8416 -s 236
        12⤵
        
        PID:11824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 236
        10⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 236
        9⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
        8⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39502.exe
        7⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28315.exe
        8⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38424.exe
        9⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48398.exe
        10⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40049.exe
        11⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34512.exe
        12⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8760 -s 236
        11⤵
        
        PID:11528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
        10⤵
        
        PID:9296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
        9⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
        8⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
        7⤵
        
        PID:3924
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 240
        6⤵
        Program crash
        
        PID:1732
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
        5⤵
        Program crash
        
        PID:1796
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25178.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38582.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18882.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        7⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 372
        8⤵
        Program crash
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41941.exe
        7⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4905.exe
        8⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34475.exe
        9⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26276.exe
        10⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43349.exe
        11⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53702.exe
        12⤵
        
        PID:11844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9380 -s 236
        12⤵
        
        PID:12084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 236
        11⤵
        
        PID:10356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 236
        10⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
        9⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 236
        8⤵
        
        PID:3816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 240
        7⤵
        Program crash
        
        PID:3396
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 236
        6⤵
        Program crash
        
        PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43303.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48862.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31047.exe
        7⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45533.exe
        8⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15954.exe
        9⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64703.exe
        10⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42882.exe
        11⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13416.exe
        12⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8620 -s 236
        12⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 236
        11⤵
        
        PID:10140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
        10⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
        9⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 216
        8⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41941.exe
        7⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7043.exe
        8⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        9⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60188.exe
        10⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23941.exe
        11⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22618.exe
        12⤵
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30833.exe
        13⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9136 -s 216
        12⤵
        
        PID:12104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 216
        11⤵
        
        PID:9824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
        10⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 236
        8⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 220
        7⤵
        Program crash
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64274.exe
        6⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3862.exe
        7⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
        8⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23759.exe
        9⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45684.exe
        10⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18513.exe
        11⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50765.exe
        12⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10632 -s 216
        12⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 216
        11⤵
        
        PID:10764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 216
        10⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 236
        9⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 216
        8⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 216
        7⤵
        Program crash
        
        PID:3544
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 240
        6⤵
        Program crash
        
        PID:2484
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 240
        5⤵
        Program crash
        
        PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49443.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28359.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62650.exe
        7⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16115.exe
        8⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60603.exe
        9⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5367.exe
        10⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52098.exe
        11⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45347.exe
        12⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43775.exe
        13⤵
        
        PID:12208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10916 -s 216
        13⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8496 -s 216
        12⤵
        
        PID:10748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 216
        11⤵
        
        PID:9224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
        10⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 216
        9⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 236
        8⤵
        Program crash
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41941.exe
        7⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39332.exe
        8⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55663.exe
        9⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3608.exe
        10⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4366.exe
        11⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39935.exe
        12⤵
        
        PID:12220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10248 -s 216
        12⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 236
        11⤵
        
        PID:10860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
        10⤵
        
        PID:9056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
        9⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 236
        8⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 220
        7⤵
        Program crash
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64274.exe
        6⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18253.exe
        7⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62741.exe
        8⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27734.exe
        9⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33624.exe
        10⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37563.exe
        11⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61647.exe
        12⤵
        
        PID:12216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11104 -s 216
        12⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8632 -s 216
        11⤵
        
        PID:11420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
        10⤵
        
        PID:9264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 216
        9⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 236
        8⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 216
        7⤵
        Program crash
        
        PID:3704
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 240
        6⤵
        Program crash
        
        PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13236.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56620.exe
        6⤵
        Executes dropped EXE
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14168.exe
        7⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
        8⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56130.exe
        9⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53852.exe
        10⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1984.exe
        11⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16784.exe
        12⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8220 -s 220
        11⤵
        
        PID:11048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 216
        10⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 236
        9⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 236
        8⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 216
        7⤵
        Program crash
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47396.exe
        6⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17625.exe
        7⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60707.exe
        8⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24688.exe
        9⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54693.exe
        10⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe
        11⤵
        
        PID:11672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10596 -s 216
        11⤵
        
        PID:8432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 236
        10⤵
        
        PID:10592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 216
        9⤵
        
        PID:8824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 236
        8⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 216
        7⤵
        
        PID:5776
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
        6⤵
        Program crash
        
        PID:4084
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 240
        5⤵
        Program crash
        
        PID:352
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1992
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2548
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18804.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18804.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6080.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10211.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42666.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63169.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33102.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30505.exe
        9⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29685.exe
        10⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35518.exe
        11⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23702.exe
        12⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12482.exe
        13⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63977.exe
        14⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10940 -s 216
        14⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8424 -s 216
        13⤵
        
        PID:10564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 216
        12⤵
        
        PID:8676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 216
        11⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 236
        10⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 236
        9⤵
        Program crash
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53618.exe
        8⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44075.exe
        9⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10821.exe
        10⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23702.exe
        11⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63546.exe
        12⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45550.exe
        13⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8396 -s 216
        12⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 216
        11⤵
        
        PID:8972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
        10⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 236
        9⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 236
        7⤵
        Program crash
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62650.exe
        7⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46841.exe
        8⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2850.exe
        9⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10821.exe
        10⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52290.exe
        11⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45347.exe
        12⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15955.exe
        13⤵
        
        PID:11588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10908 -s 216
        13⤵
        
        PID:8384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8332 -s 216
        12⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 216
        11⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
        10⤵
        
        PID:6188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 312 -s 236
        9⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 216
        8⤵
        Program crash
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41941.exe
        7⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61698.exe
        8⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47495.exe
        9⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52425.exe
        10⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24896.exe
        11⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22722.exe
        12⤵
        
        PID:12132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 216
        12⤵
        
        PID:12276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 216
        11⤵
        
        PID:10572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 236
        10⤵
        
        PID:9116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
        9⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 236
        8⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
        7⤵
        Program crash
        
        PID:3492
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 220
        6⤵
        Program crash
        
        PID:596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8493.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55660.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4225.exe
        7⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3561.exe
        8⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25409.exe
        9⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58460.exe
        10⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
        11⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19882.exe
        12⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20937.exe
        13⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8596 -s 216
        12⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
        11⤵
        
        PID:9248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
        10⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 236
        9⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 236
        8⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 216
        7⤵
        Program crash
        
        PID:3352
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 236
        6⤵
        Program crash
        
        PID:1868
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 240
        5⤵
        Program crash
        
        PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53527.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7746.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12681.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16944.exe
        8⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18824.exe
        9⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64163.exe
        10⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51242.exe
        11⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39421.exe
        12⤵
        
        PID:10640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8492 -s 216
        12⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
        11⤵
        
        PID:10132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
        10⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
        9⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 216
        8⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33197.exe
        7⤵
        
        PID:1768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
        8⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
        7⤵
        Program crash
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18280.exe
        6⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57785.exe
        7⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46042.exe
        8⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14194.exe
        9⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
        10⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56935.exe
        11⤵
        
        PID:10804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 216
        11⤵
        
        PID:11352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 236
        10⤵
        
        PID:9968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 236
        8⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 236
        7⤵
        
        PID:4980
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 240
        6⤵
        Program crash
        
        PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58353.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62650.exe
        6⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43333.exe
        7⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17049.exe
        8⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61283.exe
        9⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39462.exe
        10⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63437.exe
        11⤵
        
        PID:10772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51341.exe
        12⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10772 -s 216
        12⤵
        
        PID:8544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 216
        11⤵
        
        PID:11132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 216
        10⤵
        
        PID:8592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
        9⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 236
        8⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 236
        7⤵
        Program crash
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19383.exe
        6⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63836.exe
        7⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
        8⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32669.exe
        9⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36961.exe
        10⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5980.exe
        11⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52706.exe
        12⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8612 -s 236
        11⤵
        
        PID:12280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 216
        10⤵
        
        PID:9908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
        9⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
        8⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 236
        7⤵
        
        PID:4828
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 220
        6⤵
        Program crash
        
        PID:3516
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
        5⤵
        Program crash
        
        PID:1380
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55883.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55883.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54918.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22329.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24358.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58901.exe
        8⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15814.exe
        9⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        10⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54677.exe
        11⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10297.exe
        12⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57900.exe
        13⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24315.exe
        14⤵
        
        PID:12272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10548 -s 216
        14⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7940 -s 236
        13⤵
        
        PID:10544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
        12⤵
        
        PID:8980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 236
        11⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
        10⤵
        
        PID:5768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 236
        9⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14422.exe
        8⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19955.exe
        9⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34065.exe
        10⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39654.exe
        11⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6260.exe
        12⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe
        13⤵
        
        PID:5592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10664 -s 216
        13⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 216
        12⤵
        
        PID:10988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
        11⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 236
        10⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
        9⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 240
        8⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
        7⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28066.exe
        8⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2103.exe
        9⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51766.exe
        10⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51626.exe
        11⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26977.exe
        12⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8920 -s 236
        12⤵
        
        PID:11748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 236
        11⤵
        
        PID:9328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 216
        10⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
        9⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 236
        8⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
        7⤵
        Program crash
        
        PID:3272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59505.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42373.exe
        7⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30204.exe
        8⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29322.exe
        9⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18279.exe
        10⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
        10⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
        9⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 236
        8⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57401.exe
        7⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6763.exe
        8⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10494.exe
        9⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6125.exe
        10⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27169.exe
        11⤵
        
        PID:10508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8356 -s 216
        11⤵
        
        PID:5760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 216
        10⤵
        
        PID:10124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
        9⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
        8⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
        7⤵
        
        PID:4472
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
        6⤵
        Program crash
        
        PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35218.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60896.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16307.exe
        7⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61314.exe
        8⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        9⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51719.exe
        10⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9633.exe
        11⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55373.exe
        12⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8988 -s 216
        12⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 216
        11⤵
        
        PID:10040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
        10⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
        9⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 236
        8⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47671.exe
        7⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2487.exe
        8⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27023.exe
        9⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11771.exe
        10⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59073.exe
        11⤵
        
        PID:10708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9036 -s 236
        11⤵
        
        PID:11324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6160 -s 216
        10⤵
        
        PID:10056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
        9⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
        8⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
        7⤵
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39419.exe
        6⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13073.exe
        7⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53525.exe
        8⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18191.exe
        9⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15357.exe
        10⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47226.exe
        11⤵
        
        PID:12172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 216
        11⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7900 -s 216
        10⤵
        
        PID:10720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 216
        9⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
        8⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 236
        7⤵
        
        PID:4848
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
        6⤵
        Program crash
        
        PID:3412
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 240
        5⤵
        Program crash
        
        PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33189.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1748
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 240
        5⤵
        Program crash
        
        PID:2576
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
      4⤵
      Program crash
      PID:1820
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2332
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 240
  2⤵
  - Program crash
  PID:1236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10211.exe

Filesize
184KB

MD5
83011f1045841cdbfb400ba363528660

SHA1
24eecde8e76557aaacabf61ad705d0e0f1f676b8

SHA256
2baebde3942d7098861e1ba3d6b7cd76bebd97cbcabdd7bdd4678df941f545be

SHA512
78ff2e9c18ff05e7880aae3782257267d339bec5313222830b8dd033494a2123da5754a895cbc39dd7d3034926b5b0c7cbd02bc6496798b95a2d1c9714b2b9da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16195.exe

Filesize
184KB

MD5
8a72d3401a3add9b413b3ceed2f7a9f2

SHA1
dd20bd78cd32e66dc1e20bb625ddd3ff74e6d5bc

SHA256
8ec03b4910c1bd4b116af350258a17ca85e4fb0c2eb851efe68623653922499c

SHA512
e03f102118cce6ac0496a843971a942419369e862c26d62fa163372f4dcc5b270cdb2d4293749b22aeb2624b9b1798286d255a7bf1d1494efa6ec2223a86244b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18804.exe

Filesize
184KB

MD5
a71512c0a53a7736373575b0f7052ebc

SHA1
f756fe6d8c72c8735c1bd14bf5183187f0dc3fba

SHA256
4393f338c2e4f386646d64db25ecb4431087535d8047ca919b73326d408a57b9

SHA512
a71a06f4a894685bcbbf2066af78e849f36441e3c143aeb884f713ba5f85ef1ad8ac6814f2a481dcdde9df332a4c4e1aff6e010360072765ba329d889bddaace

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe

Filesize
184KB

MD5
c370d690f361eb4c0f802a47da675340

SHA1
d69d2b23de4e3947cf3b5279fba6f09d7ba7be7e

SHA256
b9248e70c0f9ff204f24b280e2f42a0442899aa3952b85c76ab289a13b100b36

SHA512
3d932faa016df8aa2aa53bcf511a2b121c9b5f420b620557507c440608d22f6ce2f17b28455ae9b28520b86d93aa3f32878347d96d6631de1d51808f96c70823

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27169.exe

Filesize
184KB

MD5
e5c0506b0ea103e97ac9b3b27e7ba7e2

SHA1
554a47b723cc0d261036f11062ad2098b01e2d0e

SHA256
195ab73283ab5e7ed0c0a948f20a1d544b4fe36001f298bee7b59003936117a7

SHA512
8596e664286d0ed64767c87b52ab53144c9c5289f3a8a9453a48f5bce1f034e5a73ca104517a3ad85feffda2561a51a4d54a2a93af4d26e2ab760db4e5d52884

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28367.exe

Filesize
184KB

MD5
3f8f115763e6d091cecce7905ff6f733

SHA1
7cb3145b2949fec3fa1ade7681b3957f7645ee4b

SHA256
409eb7e377f1c272cd04a041740d37b67d714518e7aeba158010863264ecac5f

SHA512
3d505f3022a4da09e806b34343d0f7708da6ee92e5b9832e1cb60db320b11bd679ed69afb328e3ce546a7331eda0fce2ac96c92e7747cfe3f3d25d1f0a25c60c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54918.exe

Filesize
184KB

MD5
2e14a7fae8fbd444a46e74e49aba4225

SHA1
acd2a14bab44f93e9d6efccc78123db1ae082320

SHA256
3d1f26de21ce7c3676d2c91cc07b855bb6b537aebeb5b38c9bd14bb5098904b0

SHA512
4a66919f26252f83799d12bdd8cb540a567a82e58ca9ff2fa98d81264b79c7df6fa86363bac7f3adbb507afb193167ba2a4cb8a0b6cb60b1bb784573505f877a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5616.exe

Filesize
184KB

MD5
f9a13ab51c28a98a0c23ea4aeb3fde00

SHA1
2f3362fbb5734568b6ca648d9cb3de5ccfa8dbbc

SHA256
50f3b831b26efa4a93d81fac41844b0bdb8d2a9a1f729145bcd792c1513dcd79

SHA512
b5bdb997e470b8d09cb758309f379a9c9d5538d9d179acb8398a67035d47d5d203932265c849c8e20f1c23670015fae46ffb784d41d6027b0ff15d6ff6ff756a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5980.exe

Filesize
184KB

MD5
c596be4d1af279a52a866baf01094c00

SHA1
3d686e350f5a088062945911770a717783bfb123

SHA256
ba1ccd512f4d586d1c4c6da19211dc7ba4538789d0a8069ed1c3d74e92864071

SHA512
f2f5ec1ce1ccb055a653cf33521587948663349d86c5f52aef431eb2217a11ad7a9096bc60e32f0cb4621fd9cb5313d2f31f23432006f2ab292730f8dfa95916

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6127.exe

Filesize
184KB

MD5
636026b5aeabec5013c9f36cab9e1439

SHA1
43acb0754674e92ad9f89da14990b95d084f7740

SHA256
b65d5f035bc956c87a42fdf843f74318fa028b597873e1ac4baa4673250226d0

SHA512
c95d748b2e91d28bce57249ca918263e715b29cd92b7e7c8419d65cc4067dbe7fd914be6adf8d05780d437be6c8dfcfd663ccb2a6ef0e5e36166c0c660f1e36b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9633.exe

Filesize
184KB

MD5
5992231e51a9abdfb12e5a20ea729618

SHA1
660bed6ad6adde1656c96ad46e4b5422f46242ef

SHA256
7526af2c8ce5fd433930dd36dd21aa8a538094ec425214540ac6c17c50730cf3

SHA512
9e21fa658850f98b718153c1eb7407485ed7d7bbcffdc1fd476b3d4d3e81fb0e2588cd79084d958b48f54e821b148b6738fab312ced74e58b47128dedea38f31

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19236.exe

Filesize
184KB

MD5
2e39bbed8c73704739da000ebb706710

SHA1
f12a365b18dd33308d35ede87663314b900774fc

SHA256
f3bc4f86252586def54d37bcdd4ccca40588221fda708589322e0d731f62e485

SHA512
ae65e13cfb25c463f19a1e4c5792bc4dd1f3fe2bba21053b0d06c311411f18c8d9458786d465fa6897e56733883d71ef3e38e6ddb2d337f8fa016c47665f72d3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25178.exe

Filesize
184KB

MD5
fb1fa32e8aa221e957afb4ef7dcc1339

SHA1
3443b5451bc3ba28f243dc15105fc4c14482380e

SHA256
dcbf10a44d54b54cf5ffa9239a6adabc69d764e072919b0f4ac7268be521d5e8

SHA512
112161f84791d9b3722db373f7335b4b6343f7391e9b8cd4c13797e2db4924fdde8e4fda000d9615329cf68fb7549a1b93404c621653a3dc4ba4657b1c4aec5d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe

Filesize
184KB

MD5
ef71abd11ba0d7f4355a9ace75c6ef24

SHA1
d71c013326f09c6374a1fac186e07754a6d2f604

SHA256
5b5c77add285c30f27ec7480df6d3e07a473f850ad5b07b38d885b2042b0aaec

SHA512
0ef59262a9fac8d57c75e56efe2a6ffada6d8b66a955a3ea145b7e9fb0879d379af156780a3c567dbb4591a942262359399feec6628445cbfc5b11c8f63f8536

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32360.exe

Filesize
184KB

MD5
9ef6ecc6cca1ef25c08b7ece1309097a

SHA1
62450d036c503dc571dae9d8423fce93c154f93d

SHA256
ec75d38820bf894e94c2101ec57eb9c6ddb4fe7837934279ac8d2ec69a464748

SHA512
7efd87b32f8197930c6e78dd0d8ec082b03dcc2c77acf545e279ebdc70f244ffb6d153f18e85db0417f8844f222e4d195c1fb51b09021bbeecc99d292b7e6173

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55883.exe

Filesize
184KB

MD5
81d0760a3888b46a1aa61697439cd1c3

SHA1
bcf546e8224bcede7d962ca6bfb3cff2ddecbed1

SHA256
e9c5ac530cb56c41677d2df56bf9a836ba5cb477e0927f986603eb9ce80aafac

SHA512
ad1636cd557df7b1c01db0656591b3a1ba26317084ea8557b4e29e0bfd067be14d59af6304262fab76db0fff3991f190f5509ae6ac063a4322af414d199dba35

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6080.exe

Filesize
184KB

MD5
dba69f117f975d7f65c44c7891966725

SHA1
2b8dd315837fbd8f5390d22935bd23dfa1344443

SHA256
6802a9062a5b2f7c2ccb034cdc0efeccda2558525ae7ff6ba697a49398a460ca

SHA512
df7a5394bc3c47869efed8e08085abd2d77829dae7a44da91782265bb2eb7ea2cba3b4c900d96242ed5053982cc0247dc9701b181bb79f0613e181c697eac811

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61140.exe

Filesize
184KB

MD5
ce83c2093bafd2677d100bca5944f146

SHA1
846e98b4785ec80228b5bb9469ae9dd53e3b75e2

SHA256
4d6979ecb32a5ea0705bffbd9ecb39ec9b0bd373a410375e0e2721804e5ef0ec

SHA512
912154ab20724125a43f4fc976d275d28b49fb3155c864315061182f9e840a0a8e6d2ad98c599a4187b76363dce9e7ec1384fd9b445adc83ff97139a5e9bcc9f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7943.exe

Filesize
184KB

MD5
a07f897831c96231fb9a130fd9f63450

SHA1
ec9ceca303db54e5dd82db9c18b200fbbd972c31

SHA256
b240856889869e3c95b4f80470588ac4069452a6297fc870aa27095c9f3f2722

SHA512
30f196709b70298b22af720278d850120429d47f2a9217c1576a89b47cbd01251b8312706f1f80203d92444026a59b12a8e62636b6f9d273377c994732014b7a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads