8aaec2ca61dd8db5d8ebf97bb884c3a9764e229198b87631d8874102006c783e

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
03/06/2024, 07:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9fa5c53cd1eb8bf10828206715772fa0_NeikiAnalytics.exe
Size

184KB
MD5

9fa5c53cd1eb8bf10828206715772fa0
SHA1

b2bb105df869533210f8fbe7645d9d01a113f6a0
SHA256

8aaec2ca61dd8db5d8ebf97bb884c3a9764e229198b87631d8874102006c783e
SHA512

35afc51b4972f2ce31a4300231a39d43a9c23b7df6f84f3c25b3e3620254b7e329654d96147170c47e3cba594bf5e6344adb5600f3d3297b1cf9e601c12f8440
SSDEEP

3072:GD7glmoXvVGZdwftWpO80hwPcvnlnviFx:GDHoQXwff88wPcPlnviF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1780	Unicorn-17972.exe
772	Unicorn-20790.exe
2384	Unicorn-9092.exe
1960	Unicorn-46576.exe
1816	Unicorn-46576.exe
2168	Unicorn-52284.exe
2516	Unicorn-9430.exe
2100	Unicorn-5901.exe
2728	Unicorn-42103.exe
3044	Unicorn-33935.exe
2808	Unicorn-30789.exe
300	Unicorn-50110.exe
1536	Unicorn-13716.exe
1332	Unicorn-1101.exe
1740	Unicorn-1101.exe
1308	Unicorn-9269.exe
1704	Unicorn-32.exe
1172	Unicorn-5740.exe
596	Unicorn-45704.exe
2284	Unicorn-19776.exe
2152	Unicorn-8078.exe
1788	Unicorn-61000.exe
1880	Unicorn-38224.exe
960	Unicorn-34694.exe
1964	Unicorn-62728.exe
112	Unicorn-9998.exe
2296	Unicorn-54752.exe
2532	Unicorn-43054.exe
1256	Unicorn-43054.exe
2060	Unicorn-5551.exe
1516	Unicorn-31125.exe
2904	Unicorn-2728.exe
2228	Unicorn-22594.exe
2544	Unicorn-31831.exe
2608	Unicorn-44638.exe
2112	Unicorn-64503.exe
2108	Unicorn-30029.exe
2564	Unicorn-49895.exe
2504	Unicorn-58063.exe
3012	Unicorn-9246.exe
2848	Unicorn-33751.exe
2972	Unicorn-25775.exe
2740	Unicorn-14077.exe
1280	Unicorn-42111.exe
2772	Unicorn-50279.exe
1640	Unicorn-38581.exe
1644	Unicorn-1078.exe
1768	Unicorn-9630.exe
2768	Unicorn-55302.exe
2084	Unicorn-10720.exe
1676	Unicorn-44462.exe
2376	Unicorn-41316.exe
2204	Unicorn-20150.exe
2920	Unicorn-10912.exe
1668	Unicorn-44654.exe
1576	Unicorn-41508.exe
1440	Unicorn-20342.exe
2512	Unicorn-36678.exe
548	Unicorn-33532.exe
2236	Unicorn-53398.exe
2116	Unicorn-41700.exe
2688	Unicorn-49869.exe
2452	Unicorn-49869.exe
3068	Unicorn-12365.exe

Loads dropped DLL 64 IoCs

pid	Process
1244	9fa5c53cd1eb8bf10828206715772fa0_NeikiAnalytics.exe
1244	9fa5c53cd1eb8bf10828206715772fa0_NeikiAnalytics.exe
1780	Unicorn-17972.exe
1780	Unicorn-17972.exe
1244	9fa5c53cd1eb8bf10828206715772fa0_NeikiAnalytics.exe
1244	9fa5c53cd1eb8bf10828206715772fa0_NeikiAnalytics.exe
1780	Unicorn-17972.exe
772	Unicorn-20790.exe
772	Unicorn-20790.exe
2384	Unicorn-9092.exe
1780	Unicorn-17972.exe
2384	Unicorn-9092.exe
2156	WerFault.exe
2156	WerFault.exe
2156	WerFault.exe
2156	WerFault.exe
2156	WerFault.exe
1816	Unicorn-46576.exe
1816	Unicorn-46576.exe
2384	Unicorn-9092.exe
2384	Unicorn-9092.exe
1960	Unicorn-46576.exe
2168	Unicorn-52284.exe
1960	Unicorn-46576.exe
2168	Unicorn-52284.exe
772	Unicorn-20790.exe
772	Unicorn-20790.exe
2736	WerFault.exe
2776	WerFault.exe
2736	WerFault.exe
2776	WerFault.exe
2776	WerFault.exe
2736	WerFault.exe
2736	WerFault.exe
2776	WerFault.exe
2776	WerFault.exe
2736	WerFault.exe
2516	Unicorn-9430.exe
2516	Unicorn-9430.exe
1816	Unicorn-46576.exe
1816	Unicorn-46576.exe
2808	Unicorn-30789.exe
2100	Unicorn-5901.exe
2808	Unicorn-30789.exe
2100	Unicorn-5901.exe
3044	Unicorn-33935.exe
3044	Unicorn-33935.exe
2728	Unicorn-42103.exe
2728	Unicorn-42103.exe
2168	Unicorn-52284.exe
2168	Unicorn-52284.exe
1960	Unicorn-46576.exe
1960	Unicorn-46576.exe
1804	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe
828	WerFault.exe
828	WerFault.exe
828	WerFault.exe
828	WerFault.exe
828	WerFault.exe
2424	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2660	1244	WerFault.exe	27
2156	1780	WerFault.exe	28
2776	772	WerFault.exe	29
2736	2384	WerFault.exe	30
1804	1816	WerFault.exe	34
828	2168	WerFault.exe	32
2424	1960	WerFault.exe	33
1612	2516	WerFault.exe	36
1944	2100	WerFault.exe	37
1164	2808	WerFault.exe	40
2900	3044	WerFault.exe	39
2172	2728	WerFault.exe	38
848	300	WerFault.exe	43
340	1536	WerFault.exe	44
1388	1332	WerFault.exe	46
888	1740	WerFault.exe	45
2492	1704	WerFault.exe	48
2164	1308	WerFault.exe	47
1680	596	WerFault.exe	49
1368	1172	WerFault.exe	50
2308	2284	WerFault.exe	54
1828	2152	WerFault.exe	55
2304	1788	WerFault.exe	56
1696	1880	WerFault.exe	57
2188	960	WerFault.exe	58
1604	1964	WerFault.exe	59
1692	112	WerFault.exe	60
2708	2296	WerFault.exe	61
2664	2060	WerFault.exe	64
2884	2532	WerFault.exe	62
2756	1256	WerFault.exe	63
2752	1516	WerFault.exe	65
1284	2376	WerFault.exe	99
1648	2228	WerFault.exe	69
1672	2904	WerFault.exe	70
2716	3012	WerFault.exe	79
2608	2544	WerFault.exe	72
3096	2564	WerFault.exe	77
3104	2108	WerFault.exe	76
3088	1280	WerFault.exe	83
3176	2504	WerFault.exe	78
3200	2972	WerFault.exe	81
3284	1644	WerFault.exe	86
3292	2740	WerFault.exe	82
3300	1640	WerFault.exe	85
3404	2848	WerFault.exe	80
3396	2112	WerFault.exe	75
3412	2768	WerFault.exe	87
3440	2772	WerFault.exe	84
3456	1768	WerFault.exe	88
3768	1676	WerFault.exe	98
3816	2236	WerFault.exe	107
3856	1576	WerFault.exe	103
3916	1628	WerFault.exe	118
3980	3068	WerFault.exe	112
3648	2116	WerFault.exe	108
4052	2548	WerFault.exe	120
3144	2920	WerFault.exe	101
3308	3048	WerFault.exe	117
3392	2812	WerFault.exe	115
3496	2572	WerFault.exe	113
3616	2084	WerFault.exe	97
3976	2204	WerFault.exe	100
3684	2512	WerFault.exe	105

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1244	9fa5c53cd1eb8bf10828206715772fa0_NeikiAnalytics.exe
1780	Unicorn-17972.exe
2384	Unicorn-9092.exe
772	Unicorn-20790.exe
1816	Unicorn-46576.exe
2168	Unicorn-52284.exe
1960	Unicorn-46576.exe
2516	Unicorn-9430.exe
2100	Unicorn-5901.exe
2728	Unicorn-42103.exe
3044	Unicorn-33935.exe
2808	Unicorn-30789.exe
300	Unicorn-50110.exe
1536	Unicorn-13716.exe
1332	Unicorn-1101.exe
1740	Unicorn-1101.exe
1308	Unicorn-9269.exe
1704	Unicorn-32.exe
1172	Unicorn-5740.exe
596	Unicorn-45704.exe
2284	Unicorn-19776.exe
2152	Unicorn-8078.exe
1788	Unicorn-61000.exe
1880	Unicorn-38224.exe
960	Unicorn-34694.exe
1964	Unicorn-62728.exe
112	Unicorn-9998.exe
2296	Unicorn-54752.exe
2060	Unicorn-5551.exe
2532	Unicorn-43054.exe
1516	Unicorn-31125.exe
1256	Unicorn-43054.exe
2904	Unicorn-2728.exe
2228	Unicorn-22594.exe
2544	Unicorn-31831.exe
2608	Unicorn-44638.exe
2112	Unicorn-64503.exe
2108	Unicorn-30029.exe
2564	Unicorn-49895.exe
2504	Unicorn-58063.exe
3012	Unicorn-9246.exe
2848	Unicorn-33751.exe
2972	Unicorn-25775.exe
2740	Unicorn-14077.exe
2772	Unicorn-50279.exe
1280	Unicorn-42111.exe
1640	Unicorn-38581.exe
1644	Unicorn-1078.exe
1768	Unicorn-9630.exe
2768	Unicorn-55302.exe
2084	Unicorn-10720.exe
1676	Unicorn-44462.exe
2376	Unicorn-41316.exe
2204	Unicorn-20150.exe
2920	Unicorn-10912.exe
1668	Unicorn-44654.exe
1576	Unicorn-41508.exe
1440	Unicorn-20342.exe
2512	Unicorn-36678.exe
548	Unicorn-33532.exe
2236	Unicorn-53398.exe
2116	Unicorn-41700.exe
2688	Unicorn-49869.exe
2452	Unicorn-49869.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1244 wrote to memory of 1780	1244	9fa5c53cd1eb8bf10828206715772fa0_NeikiAnalytics.exe	28
PID 1244 wrote to memory of 1780	1244	9fa5c53cd1eb8bf10828206715772fa0_NeikiAnalytics.exe	28
PID 1244 wrote to memory of 1780	1244	9fa5c53cd1eb8bf10828206715772fa0_NeikiAnalytics.exe	28
PID 1244 wrote to memory of 1780	1244	9fa5c53cd1eb8bf10828206715772fa0_NeikiAnalytics.exe	28
PID 1780 wrote to memory of 772	1780	Unicorn-17972.exe	29
PID 1780 wrote to memory of 772	1780	Unicorn-17972.exe	29
PID 1780 wrote to memory of 772	1780	Unicorn-17972.exe	29
PID 1780 wrote to memory of 772	1780	Unicorn-17972.exe	29
PID 1244 wrote to memory of 2384	1244	9fa5c53cd1eb8bf10828206715772fa0_NeikiAnalytics.exe	30
PID 1244 wrote to memory of 2384	1244	9fa5c53cd1eb8bf10828206715772fa0_NeikiAnalytics.exe	30
PID 1244 wrote to memory of 2384	1244	9fa5c53cd1eb8bf10828206715772fa0_NeikiAnalytics.exe	30
PID 1244 wrote to memory of 2384	1244	9fa5c53cd1eb8bf10828206715772fa0_NeikiAnalytics.exe	30
PID 1244 wrote to memory of 2660	1244	9fa5c53cd1eb8bf10828206715772fa0_NeikiAnalytics.exe	31
PID 1244 wrote to memory of 2660	1244	9fa5c53cd1eb8bf10828206715772fa0_NeikiAnalytics.exe	31
PID 1244 wrote to memory of 2660	1244	9fa5c53cd1eb8bf10828206715772fa0_NeikiAnalytics.exe	31
PID 1244 wrote to memory of 2660	1244	9fa5c53cd1eb8bf10828206715772fa0_NeikiAnalytics.exe	31
PID 772 wrote to memory of 1960	772	Unicorn-20790.exe	33
PID 772 wrote to memory of 1960	772	Unicorn-20790.exe	33
PID 772 wrote to memory of 1960	772	Unicorn-20790.exe	33
PID 772 wrote to memory of 1960	772	Unicorn-20790.exe	33
PID 1780 wrote to memory of 2168	1780	Unicorn-17972.exe	32
PID 1780 wrote to memory of 2168	1780	Unicorn-17972.exe	32
PID 1780 wrote to memory of 2168	1780	Unicorn-17972.exe	32
PID 1780 wrote to memory of 2168	1780	Unicorn-17972.exe	32
PID 2384 wrote to memory of 1816	2384	Unicorn-9092.exe	34
PID 2384 wrote to memory of 1816	2384	Unicorn-9092.exe	34
PID 2384 wrote to memory of 1816	2384	Unicorn-9092.exe	34
PID 2384 wrote to memory of 1816	2384	Unicorn-9092.exe	34
PID 1780 wrote to memory of 2156	1780	Unicorn-17972.exe	35
PID 1780 wrote to memory of 2156	1780	Unicorn-17972.exe	35
PID 1780 wrote to memory of 2156	1780	Unicorn-17972.exe	35
PID 1780 wrote to memory of 2156	1780	Unicorn-17972.exe	35
PID 1816 wrote to memory of 2516	1816	Unicorn-46576.exe	36
PID 1816 wrote to memory of 2516	1816	Unicorn-46576.exe	36
PID 1816 wrote to memory of 2516	1816	Unicorn-46576.exe	36
PID 1816 wrote to memory of 2516	1816	Unicorn-46576.exe	36
PID 2384 wrote to memory of 2100	2384	Unicorn-9092.exe	37
PID 2384 wrote to memory of 2100	2384	Unicorn-9092.exe	37
PID 2384 wrote to memory of 2100	2384	Unicorn-9092.exe	37
PID 2384 wrote to memory of 2100	2384	Unicorn-9092.exe	37
PID 1960 wrote to memory of 2728	1960	Unicorn-46576.exe	38
PID 1960 wrote to memory of 2728	1960	Unicorn-46576.exe	38
PID 1960 wrote to memory of 2728	1960	Unicorn-46576.exe	38
PID 1960 wrote to memory of 2728	1960	Unicorn-46576.exe	38
PID 2168 wrote to memory of 3044	2168	Unicorn-52284.exe	39
PID 2168 wrote to memory of 3044	2168	Unicorn-52284.exe	39
PID 2168 wrote to memory of 3044	2168	Unicorn-52284.exe	39
PID 2168 wrote to memory of 3044	2168	Unicorn-52284.exe	39
PID 772 wrote to memory of 2808	772	Unicorn-20790.exe	40
PID 772 wrote to memory of 2808	772	Unicorn-20790.exe	40
PID 772 wrote to memory of 2808	772	Unicorn-20790.exe	40
PID 772 wrote to memory of 2808	772	Unicorn-20790.exe	40
PID 2384 wrote to memory of 2736	2384	Unicorn-9092.exe	41
PID 2384 wrote to memory of 2736	2384	Unicorn-9092.exe	41
PID 2384 wrote to memory of 2736	2384	Unicorn-9092.exe	41
PID 2384 wrote to memory of 2736	2384	Unicorn-9092.exe	41
PID 772 wrote to memory of 2776	772	Unicorn-20790.exe	42
PID 772 wrote to memory of 2776	772	Unicorn-20790.exe	42
PID 772 wrote to memory of 2776	772	Unicorn-20790.exe	42
PID 772 wrote to memory of 2776	772	Unicorn-20790.exe	42
PID 2516 wrote to memory of 300	2516	Unicorn-9430.exe	43
PID 2516 wrote to memory of 300	2516	Unicorn-9430.exe	43
PID 2516 wrote to memory of 300	2516	Unicorn-9430.exe	43
PID 2516 wrote to memory of 300	2516	Unicorn-9430.exe	43

C:\Users\Admin\AppData\Local\Temp\9fa5c53cd1eb8bf10828206715772fa0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9fa5c53cd1eb8bf10828206715772fa0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1244
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20790.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20790.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42103.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 300
        7⤵
        Program crash
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43054.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1078.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12365.exe
        8⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25381.exe
        9⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33793.exe
        10⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37177.exe
        11⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27777.exe
        12⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
        13⤵
        
        PID:11436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7120.exe
        14⤵
        
        PID:14212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11436 -s 216
        14⤵
        
        PID:13504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 216
        13⤵
        
        PID:12284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
        12⤵
        
        PID:8672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
        11⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 236
        10⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38431.exe
        9⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40306.exe
        10⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6214.exe
        11⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34705.exe
        12⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
        13⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24161.exe
        14⤵
        
        PID:9708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8480 -s 216
        13⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 216
        12⤵
        
        PID:10556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
        11⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 236
        10⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
        9⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30403.exe
        8⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50321.exe
        9⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39024.exe
        10⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39297.exe
        11⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59349.exe
        12⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1138.exe
        13⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17988.exe
        14⤵
        
        PID:14300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12072 -s 216
        14⤵
        
        PID:9484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8492 -s 236
        13⤵
        
        PID:12676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 236
        12⤵
        
        PID:9872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
        11⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
        10⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19350.exe
        9⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14408.exe
        10⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
        11⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50007.exe
        12⤵
        
        PID:12172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7715.exe
        13⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9200 -s 216
        12⤵
        
        PID:12788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6400 -s 216
        11⤵
        
        PID:10156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
        10⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 220
        9⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 220
        8⤵
        Program crash
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17004.exe
        7⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33357.exe
        8⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52703.exe
        9⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42283.exe
        10⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49294.exe
        11⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51207.exe
        12⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64096.exe
        13⤵
        
        PID:11844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14764.exe
        14⤵
        
        PID:13520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11844 -s 236
        14⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 216
        13⤵
        
        PID:12408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
        12⤵
        
        PID:9536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
        11⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 236
        10⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31929.exe
        9⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60560.exe
        10⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24067.exe
        11⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48305.exe
        12⤵
        
        PID:11588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56340.exe
        13⤵
        
        PID:13760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8740 -s 216
        12⤵
        
        PID:13084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
        11⤵
        
        PID:10080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 236
        10⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
        9⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49366.exe
        8⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7503.exe
        9⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42579.exe
        10⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49832.exe
        11⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49654.exe
        12⤵
        
        PID:12156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48133.exe
        13⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8592 -s 216
        12⤵
        
        PID:12900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
        11⤵
        
        PID:9932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 236
        10⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 236
        9⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
        8⤵
        Program crash
        
        PID:3496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 240
        7⤵
        Program crash
        
        PID:2756
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
        6⤵
        Program crash
        
        PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5740.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31125.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9630.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14093.exe
        8⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1068.exe
        9⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33601.exe
        10⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27665.exe
        11⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35753.exe
        12⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18165.exe
        13⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40644.exe
        14⤵
        
        PID:14304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11684 -s 216
        14⤵
        
        PID:8384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 216
        13⤵
        
        PID:12216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 216
        12⤵
        
        PID:9180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
        11⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 236
        10⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 236
        9⤵
        Program crash
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5707.exe
        8⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58297.exe
        9⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53321.exe
        10⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19417.exe
        11⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
        12⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13176.exe
        13⤵
        
        PID:14108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11428 -s 216
        13⤵
        
        PID:14252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 220
        12⤵
        
        PID:12260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
        11⤵
        
        PID:9212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
        10⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 236
        9⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
        8⤵
        Program crash
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2396.exe
        7⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43829.exe
        8⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48868.exe
        9⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47161.exe
        10⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35561.exe
        11⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59773.exe
        12⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
        13⤵
        
        PID:14256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11576 -s 216
        13⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 216
        12⤵
        
        PID:11084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
        11⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        10⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
        9⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54576.exe
        8⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44556.exe
        9⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38363.exe
        10⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31924.exe
        11⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48485.exe
        12⤵
        
        PID:13692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10700 -s 216
        12⤵
        
        PID:13712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 236
        11⤵
        
        PID:10784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 236
        10⤵
        
        PID:8716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
        9⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
        8⤵
        
        PID:5116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
        7⤵
        Program crash
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55302.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        7⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60165.exe
        8⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58489.exe
        9⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6159.exe
        10⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6899.exe
        11⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        12⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49955.exe
        13⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2118.exe
        14⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9172 -s 236
        13⤵
        
        PID:12584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 216
        12⤵
        
        PID:9248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
        11⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 236
        10⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43470.exe
        9⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47465.exe
        10⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50958.exe
        11⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57324.exe
        12⤵
        
        PID:11808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38162.exe
        13⤵
        
        PID:9964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9004 -s 216
        12⤵
        
        PID:13280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 216
        11⤵
        
        PID:9488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 236
        10⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 240
        9⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63128.exe
        8⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22496.exe
        9⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22276.exe
        10⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17326.exe
        11⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65191.exe
        12⤵
        
        PID:12244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16185.exe
        13⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8512 -s 216
        12⤵
        
        PID:12872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 216
        11⤵
        
        PID:10264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
        10⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 236
        9⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
        8⤵
        Program crash
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48468.exe
        7⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49034.exe
        8⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49211.exe
        9⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35146.exe
        10⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        11⤵
        
        PID:11872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
        12⤵
        
        PID:13820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11872 -s 236
        12⤵
        
        PID:9716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7252 -s 216
        11⤵
        
        PID:12436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
        10⤵
        
        PID:9740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
        9⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 216
        8⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
        7⤵
        Program crash
        
        PID:3412
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 240
        6⤵
        Program crash
        
        PID:1368
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30789.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38224.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49895.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20342.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9236.exe
        9⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47140.exe
        10⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27857.exe
        11⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13360.exe
        12⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26525.exe
        13⤵
        
        PID:11720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61495.exe
        14⤵
        
        PID:13508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11720 -s 216
        14⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 216
        13⤵
        
        PID:12304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
        12⤵
        
        PID:9224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
        11⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 216
        10⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38239.exe
        9⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53513.exe
        10⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11056.exe
        11⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10956.exe
        12⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65340.exe
        13⤵
        
        PID:13332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11604 -s 216
        13⤵
        
        PID:8412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 216
        12⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
        11⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
        10⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 220
        9⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15795.exe
        8⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14083.exe
        9⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33783.exe
        10⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28109.exe
        11⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13693.exe
        12⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8142.exe
        13⤵
        
        PID:13540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10224 -s 236
        13⤵
        
        PID:13560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6168 -s 216
        12⤵
        
        PID:10916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 216
        11⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
        10⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 216
        9⤵
        
        PID:4668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
        8⤵
        Program crash
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41700.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58437.exe
        8⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exe
        9⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12589.exe
        10⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38332.exe
        11⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31808.exe
        12⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61495.exe
        13⤵
        
        PID:13444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11800 -s 236
        13⤵
        
        PID:5308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7184 -s 236
        12⤵
        
        PID:12340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 236
        11⤵
        
        PID:9400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 236
        10⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 216
        9⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5951.exe
        8⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14519.exe
        9⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63116.exe
        10⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50683.exe
        11⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14096.exe
        12⤵
        
        PID:12200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43784.exe
        13⤵
        
        PID:13740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12200 -s 216
        13⤵
        
        PID:9492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8772 -s 216
        12⤵
        
        PID:12944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 216
        11⤵
        
        PID:10120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 216
        10⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
        9⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
        8⤵
        Program crash
        
        PID:3648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 240
        7⤵
        Program crash
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30029.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 220
        7⤵
        Program crash
        
        PID:3104
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
        6⤵
        Program crash
        
        PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34694.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58063.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36678.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19298.exe
        8⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        9⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
        10⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15514.exe
        11⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30817.exe
        12⤵
        
        PID:12264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19114.exe
        13⤵
        
        PID:13688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8624 -s 216
        12⤵
        
        PID:12964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 216
        11⤵
        
        PID:9980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
        10⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
        9⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 236
        8⤵
        Program crash
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64804.exe
        7⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8219.exe
        8⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16570.exe
        9⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30605.exe
        10⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45566.exe
        11⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49903.exe
        12⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13861.exe
        13⤵
        
        PID:14080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11056 -s 236
        13⤵
        
        PID:14204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 216
        12⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 216
        11⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41159.exe
        10⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 200
        11⤵
        
        PID:10840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 220
        10⤵
        
        PID:856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
        9⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 236
        8⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
        7⤵
        Program crash
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49869.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50077.exe
        7⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14275.exe
        8⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9854.exe
        9⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14107.exe
        10⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17710.exe
        11⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58507.exe
        12⤵
        
        PID:12044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2616.exe
        13⤵
        
        PID:7980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12044 -s 216
        13⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 216
        12⤵
        
        PID:12632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 216
        11⤵
        
        PID:10432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
        10⤵
        
        PID:8044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 236
        9⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 216
        8⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18914.exe
        7⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22818.exe
        8⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
        9⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39822.exe
        10⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9102.exe
        11⤵
        
        PID:13496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10140 -s 216
        11⤵
        
        PID:13564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 216
        10⤵
        
        PID:10824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
        9⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 236
        8⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 220
        7⤵
        
        PID:4388
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 240
        6⤵
        Program crash
        
        PID:2188
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
        5⤵
        Program crash
        
        PID:1164
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52284.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52284.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33935.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9269.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54752.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25775.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53398.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41717.exe
        9⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exe
        10⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61105.exe
        11⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61217.exe
        12⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17506.exe
        13⤵
        
        PID:11476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29513.exe
        14⤵
        
        PID:14124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11476 -s 236
        14⤵
        
        PID:14236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 216
        13⤵
        
        PID:12164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 236
        12⤵
        
        PID:8888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
        11⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 236
        10⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
        9⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39024.exe
        10⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11935.exe
        11⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45374.exe
        12⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58564.exe
        13⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30883.exe
        14⤵
        
        PID:13952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11044 -s 236
        14⤵
        
        PID:14104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7468 -s 216
        13⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 236
        12⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 236
        11⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
        10⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
        9⤵
        Program crash
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54524.exe
        8⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22444.exe
        9⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38661.exe
        10⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
        11⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15707.exe
        12⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22265.exe
        13⤵
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
        14⤵
        
        PID:9780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8680 -s 216
        13⤵
        
        PID:12956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 216
        12⤵
        
        PID:10012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
        10⤵
        
        PID:6732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 236
        9⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
        8⤵
        Program crash
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49869.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57861.exe
        8⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47908.exe
        9⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22496.exe
        10⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22084.exe
        11⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50190.exe
        12⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29525.exe
        13⤵
        
        PID:11384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8304 -s 216
        13⤵
        
        PID:12500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 216
        12⤵
        
        PID:10244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
        11⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
        10⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43470.exe
        9⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45052.exe
        10⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42982.exe
        11⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38077.exe
        12⤵
        
        PID:11768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9092 -s 220
        12⤵
        
        PID:13120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 216
        11⤵
        
        PID:9736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
        10⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
        9⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59563.exe
        8⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31178.exe
        9⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
        10⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45566.exe
        11⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8403.exe
        12⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45382.exe
        13⤵
        
        PID:14000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11124 -s 216
        13⤵
        
        PID:14156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 216
        12⤵
        
        PID:12220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 236
        11⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41159.exe
        10⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 200
        11⤵
        
        PID:10664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 220
        10⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 236
        9⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 220
        8⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
        7⤵
        Program crash
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14077.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27798.exe
        7⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36559.exe
        8⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39024.exe
        9⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30745.exe
        10⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48846.exe
        11⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48305.exe
        12⤵
        
        PID:11572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9103.exe
        13⤵
        
        PID:13976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8868 -s 216
        12⤵
        
        PID:13040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 216
        11⤵
        
        PID:10208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 236
        10⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
        9⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 236
        8⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 236
        7⤵
        Program crash
        
        PID:3292
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 240
        6⤵
        Program crash
        
        PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43054.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42111.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
        7⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12054.exe
        8⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40669.exe
        9⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29567.exe
        10⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41529.exe
        11⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
        12⤵
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23362.exe
        13⤵
        
        PID:9308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8748 -s 216
        12⤵
        
        PID:13316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 216
        11⤵
        
        PID:10472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
        10⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
        9⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 236
        8⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 216
        7⤵
        Program crash
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33532.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50077.exe
        7⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8027.exe
        8⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        9⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24580.exe
        10⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36350.exe
        11⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56333.exe
        12⤵
        
        PID:11772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23362.exe
        13⤵
        
        PID:10204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8788 -s 220
        12⤵
        
        PID:12952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 216
        11⤵
        
        PID:10604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 216
        10⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 236
        9⤵
        
        PID:5592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 216
        8⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29002.exe
        7⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        8⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60449.exe
        9⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21644.exe
        10⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15813.exe
        11⤵
        
        PID:13664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10612 -s 216
        11⤵
        
        PID:13700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7956 -s 236
        10⤵
        
        PID:10940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 236
        9⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
        8⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 220
        7⤵
        
        PID:4936
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
        6⤵
        Program crash
        
        PID:2884
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
        5⤵
        Program crash
        
        PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45704.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5551.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50279.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5925.exe
        7⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49174.exe
        8⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22880.exe
        9⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37268.exe
        10⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42790.exe
        11⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28674.exe
        12⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7484.exe
        13⤵
        
        PID:8720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9020 -s 216
        12⤵
        
        PID:13072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 216
        11⤵
        
        PID:9524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 236
        10⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 236
        9⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 216
        8⤵
        Program crash
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14067.exe
        7⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64244.exe
        8⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12708.exe
        9⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58991.exe
        10⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49680.exe
        11⤵
        
        PID:11904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11904 -s 240
        12⤵
        
        PID:13720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 216
        11⤵
        
        PID:12452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
        10⤵
        
        PID:9720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 236
        9⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 236
        8⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
        7⤵
        Program crash
        
        PID:3440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59765.exe
        6⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58245.exe
        7⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
        8⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4504.exe
        9⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60257.exe
        10⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30772.exe
        11⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38973.exe
        12⤵
        
        PID:13616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10492 -s 216
        12⤵
        
        PID:13600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 236
        11⤵
        
        PID:11168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 216
        10⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
        9⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 216
        8⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27274.exe
        7⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36601.exe
        8⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3848.exe
        9⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22495.exe
        10⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55885.exe
        11⤵
        
        PID:13728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10816 -s 216
        11⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 236
        10⤵
        
        PID:11444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 216
        9⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
        8⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 240
        7⤵
        
        PID:4304
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
        6⤵
        Program crash
        
        PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38581.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12365.exe
        6⤵
        Executes dropped EXE
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57861.exe
        7⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12739.exe
        8⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21728.exe
        9⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38145.exe
        10⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40595.exe
        11⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22841.exe
        12⤵
        
        PID:11284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56366.exe
        13⤵
        
        PID:9500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8708 -s 216
        12⤵
        
        PID:12972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 216
        11⤵
        
        PID:10044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 236
        10⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
        9⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 236
        8⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51094.exe
        7⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
        8⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21591.exe
        9⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17710.exe
        10⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31969.exe
        11⤵
        
        PID:11488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58561.exe
        12⤵
        
        PID:9844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8692 -s 216
        11⤵
        
        PID:13020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
        10⤵
        
        PID:10440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
        9⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 236
        8⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 240
        7⤵
        Program crash
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5131.exe
        6⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30804.exe
        7⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5827.exe
        8⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20403.exe
        9⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10546.exe
        10⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15979.exe
        11⤵
        
        PID:13884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11140 -s 216
        11⤵
        
        PID:14056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 216
        10⤵
        
        PID:12144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
        9⤵
        
        PID:8800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
        8⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 236
        7⤵
        
        PID:4840
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 220
        6⤵
        Program crash
        
        PID:3300
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 240
        5⤵
        Program crash
        
        PID:1680
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:828
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2156
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9092.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9092.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9430.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50110.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19776.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22594.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44462.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6247.exe
        9⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14446.exe
        10⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8380.exe
        11⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64543.exe
        12⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27497.exe
        13⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
        14⤵
        
        PID:11888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56493.exe
        15⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8988 -s 216
        14⤵
        
        PID:936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 216
        13⤵
        
        PID:10580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
        12⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
        11⤵
        
        PID:5732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 236
        10⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10917.exe
        9⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47192.exe
        10⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5555.exe
        11⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25878.exe
        12⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61470.exe
        13⤵
        
        PID:12136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
        14⤵
        
        PID:9788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8616 -s 216
        13⤵
        
        PID:12752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6924 -s 216
        12⤵
        
        PID:10304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
        11⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 236
        10⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
        9⤵
        Program crash
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11270.exe
        8⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3886.exe
        9⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23202.exe
        10⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23895.exe
        11⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17985.exe
        12⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        13⤵
        
        PID:11840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58561.exe
        14⤵
        
        PID:9840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9088 -s 216
        13⤵
        
        PID:12328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 216
        12⤵
        
        PID:10572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
        11⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
        10⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 236
        9⤵
        
        PID:4368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 240
        8⤵
        Program crash
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41316.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
        8⤵
        Program crash
        
        PID:1284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
        7⤵
        Program crash
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2728.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20150.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42869.exe
        8⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37135.exe
        9⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
        10⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4595.exe
        11⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50958.exe
        12⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30018.exe
        12⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36977.exe
        13⤵
        
        PID:12756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8488 -s 216
        13⤵
        
        PID:13484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 220
        12⤵
        
        PID:10904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
        11⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 236
        10⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51639.exe
        9⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6707.exe
        10⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35006.exe
        11⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48196.exe
        12⤵
        
        PID:11868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56034.exe
        13⤵
        
        PID:9344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9136 -s 216
        12⤵
        
        PID:12348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 216
        11⤵
        
        PID:10232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
        10⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 240
        9⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32453.exe
        8⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24333.exe
        9⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46121.exe
        10⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38186.exe
        11⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53998.exe
        12⤵
        
        PID:12572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8884 -s 220
        12⤵
        
        PID:13420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6500 -s 216
        11⤵
        
        PID:10896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 216
        10⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
        9⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
        8⤵
        Program crash
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39339.exe
        7⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52319.exe
        8⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6865.exe
        9⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64543.exe
        10⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35281.exe
        11⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39338.exe
        12⤵
        
        PID:11864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15692.exe
        13⤵
        
        PID:9908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8856 -s 220
        12⤵
        
        PID:13168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 216
        11⤵
        
        PID:10596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
        10⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
        9⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 236
        8⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
        7⤵
        Program crash
        
        PID:1672
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 240
        6⤵
        Program crash
        
        PID:848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8078.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31831.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44654.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24997.exe
        8⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38780.exe
        9⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36601.exe
        10⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3848.exe
        11⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26198.exe
        12⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8194.exe
        13⤵
        
        PID:13920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 216
        13⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 216
        12⤵
        
        PID:11456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
        11⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
        10⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 216
        9⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
        8⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2070.exe
        9⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53739.exe
        10⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45253.exe
        11⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7727.exe
        12⤵
        
        PID:13776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11028 -s 236
        12⤵
        
        PID:13916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 236
        11⤵
        
        PID:11960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 236
        10⤵
        
        PID:8908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
        9⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
        8⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
        7⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14083.exe
        8⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6289.exe
        9⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39463.exe
        10⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57201.exe
        11⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54880.exe
        12⤵
        
        PID:11892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 216
        12⤵
        
        PID:12416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6756 -s 216
        11⤵
        
        PID:10736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
        10⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 236
        9⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
        8⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
        7⤵
        Program crash
        
        PID:2608
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
        6⤵
        Program crash
        
        PID:1828
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
        5⤵
        Program crash
        
        PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13716.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61000.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64503.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36870.exe
        7⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35661.exe
        8⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56377.exe
        9⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5936.exe
        10⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27201.exe
        11⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43162.exe
        12⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64297.exe
        13⤵
        
        PID:14180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11376 -s 216
        13⤵
        
        PID:14288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7696 -s 216
        12⤵
        
        PID:12192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 236
        11⤵
        
        PID:9032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
        10⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 236
        9⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38239.exe
        8⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60529.exe
        9⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20403.exe
        10⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5071.exe
        11⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58656.exe
        12⤵
        
        PID:13808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11088 -s 216
        12⤵
        
        PID:13932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 236
        11⤵
        
        PID:12112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
        10⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
        9⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
        8⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32131.exe
        7⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8904.exe
        8⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37177.exe
        9⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52198.exe
        10⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26883.exe
        11⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58163.exe
        12⤵
        
        PID:13844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11172 -s 236
        12⤵
        
        PID:14016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 216
        11⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 236
        10⤵
        
        PID:9148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
        9⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 236
        8⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
        7⤵
        Program crash
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35260.exe
        6⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33906.exe
        7⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 200
        8⤵
        
        PID:4152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 236
        7⤵
        
        PID:5420
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
        6⤵
        Program crash
        
        PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44638.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10720.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47280.exe
        7⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22423.exe
        8⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41437.exe
        9⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64735.exe
        10⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60169.exe
        11⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12498.exe
        12⤵
        
        PID:12376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9052 -s 220
        12⤵
        
        PID:13392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 216
        11⤵
        
        PID:10536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 216
        10⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 236
        9⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
        8⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35229.exe
        7⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe
        8⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5747.exe
        9⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52665.exe
        10⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34335.exe
        11⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29238.exe
        12⤵
        
        PID:14028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10512 -s 216
        12⤵
        
        PID:8160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 216
        11⤵
        
        PID:11620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 236
        10⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
        9⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 236
        8⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
        7⤵
        Program crash
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35582.exe
        6⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55095.exe
        7⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
        8⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38913.exe
        9⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7621.exe
        10⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        11⤵
        
        PID:11856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2554.exe
        12⤵
        
        PID:9284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8836 -s 216
        11⤵
        
        PID:12364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 216
        10⤵
        
        PID:10192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
        9⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 236
        8⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 236
        7⤵
        
        PID:4244
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
        5⤵
        Program crash
        
        PID:340
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5901.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5901.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62728.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9246.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10912.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49174.exe
        8⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38256.exe
        9⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23319.exe
        10⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46308.exe
        11⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26525.exe
        12⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47660.exe
        13⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11752 -s 236
        13⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 216
        12⤵
        
        PID:12312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 216
        11⤵
        
        PID:9384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
        10⤵
        
        PID:7372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
        9⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 216
        8⤵
        Program crash
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5515.exe
        7⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6081.exe
        8⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9330.exe
        9⤵
        
        PID:5352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 220
        10⤵
        
        PID:8144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
        9⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 236
        8⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 220
        7⤵
        Program crash
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41508.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41909.exe
        7⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50321.exe
        8⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29896.exe
        9⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30937.exe
        10⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24752.exe
        11⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33152.exe
        12⤵
        
        PID:11936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4453.exe
        13⤵
        
        PID:13948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11936 -s 216
        13⤵
        
        PID:13548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 216
        12⤵
        
        PID:12468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 216
        11⤵
        
        PID:9988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 236
        10⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
        9⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18390.exe
        8⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64076.exe
        9⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9925.exe
        10⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63572.exe
        11⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60115.exe
        12⤵
        
        PID:9300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 216
        11⤵
        
        PID:13244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
        10⤵
        
        PID:9668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
        9⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
        8⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        7⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5199.exe
        8⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21617.exe
        9⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50299.exe
        10⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57324.exe
        11⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63166.exe
        12⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11816 -s 236
        12⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8928 -s 216
        11⤵
        
        PID:13272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 216
        10⤵
        
        PID:9360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
        9⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 220
        7⤵
        Program crash
        
        PID:3856
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
        6⤵
        Program crash
        
        PID:1604
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 236
        5⤵
        Program crash
        
        PID:1388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9998.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33751.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45038.exe
        6⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33029.exe
        7⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30280.exe
        8⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 188
        9⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 236
        8⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 216
        7⤵
        Program crash
        
        PID:3392
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 236
        6⤵
        Program crash
        
        PID:3404
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 236
        5⤵
        Program crash
        
        PID:1692
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
      4⤵
      Program crash
      PID:1944
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2736
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 240
  2⤵
  - Program crash
  PID:2660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe

Filesize
184KB

MD5
7e7346ca954a516310ce0cbbcde9c196

SHA1
cf3f5d2451026161008f2638617b1276580c48af

SHA256
f9b31f4bdc7dc160227f41b51bfc3467065c7cfa3c37804665fde4262b5b7850

SHA512
cdf0fbd7a4d3c0a17a9b03a09ef2f4e131b1fd6343446f16dad1baef660fbabdccf90202a4485a1ebc8392d5e7427ae4eb980303d1a0d87716b624e5d22c8497

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13693.exe

Filesize
184KB

MD5
5921e79186ab422e0b593203516bb73c

SHA1
5c5db78eeb010685211dfbbc7e3323e0a8ced462

SHA256
653eed4017f2920c4cacedd0dc6b7662a19d3140e1be6c6f1db808892c5d2481

SHA512
797f045e26637587048621da3bcc8c1f6dec285d705d90e7a7650c3b599c9241a3a4ba7e48f042477c269908c34251c51c24501a52567c7879e35880e0420652

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29567.exe

Filesize
184KB

MD5
e2fe1c4508f65155550ef126c4c877fe

SHA1
9d700ba01ebe7235f35006b2109d790d5c4c3597

SHA256
3665c9760ddeb454e9313e56db734a98874916225d1f824d2f305ddf40bc9055

SHA512
fc5b043e04b109108bf2c342dbbe54e8b4b91c67d84568a16471fbe87185edff32f14ca98720861745aa996ab20763d418e7f243b3ea8786640adb7da8b24de3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe

Filesize
184KB

MD5
28d9870bc129681dd82d74605d8bb0a8

SHA1
414a20e7c574503eec7e7a86e56be37c15d1c316

SHA256
672367279976f2fd2346679fdf77e0ba71ff68a6d8b213f13541dbcf5a24f135

SHA512
029c6af9cc4edb8c6c46963be2d458dc2bdcdde894f71f3eb5f139f4dea68200ba1d4321d9eb30e80a561f6f52b682417681c8c8f254ac0f86fac34af5464164

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52284.exe

Filesize
184KB

MD5
eaefee5dbd019897a63b51b685666b52

SHA1
8914c0c17fecd4243f8f356d1c075a859513345d

SHA256
8f6de3ef76ba826309460ba080bc25827272a45b9e89c6b05c58eb430dd99fff

SHA512
047e5876ddbff273590fa220d91d94a9deb0b98bffa6b5cb7d31d209339ec2542934caa0b6d5e4fafaafda46096a46c50a6469117638c960e6eb229e7127bb0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5551.exe

Filesize
184KB

MD5
ceb6c40ebd5b14e5754088df6cbc60dd

SHA1
037bb5d33ef19ae51242952e304ccb194542d429

SHA256
5db467fee0e24c94a67f5f99b7d14f96f7c905bf008ed46eea76f5ccd8c52ac8

SHA512
1e78ce08384b0320c639d55e1c5abd499b08b695ecc51c3b2dc1ae04dafdc65c32b9264e1c0bf5257786c7ae059658c0055311dc91ede8f79450fcb197af2a30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55885.exe

Filesize
184KB

MD5
6af0ae8b0c510c13716f07640660d53b

SHA1
a6afa0a4721cdcafe0d8356a240183722ffa9f1d

SHA256
4c7442bdc4793cef1557e0e359ab6f5e10247432e8400eaaa644ea6b35a40e18

SHA512
622caabc6cdaf88652cafb0e72dfeb07c17e14fa948eb5a16288604985c5bd92259251c49ca0fb942a3a3fc37c93dd1cb3e1b4561a0313ced9f8d33cf27395f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5827.exe

Filesize
184KB

MD5
eb9d6510813d472046974a886d6b066b

SHA1
d678e3fdd98ffcc86fecfb9fba759a79392e848d

SHA256
64f3339da75396cd95317de6468e21e63ede06397eb1bf89f7b54bec883dd24e

SHA512
ce97b8ac757ac49eaf2fc1c1998e580b0201a09a491c48c035eee7f5e1240468e8eaa470f7e5ba64df145ea8ef68396b84dceabeb7cc100ee1ccfaf559232335

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5925.exe

Filesize
184KB

MD5
e59b40f908fe604e9c2aff50af346a70

SHA1
f0860008ece3d450d8f6674b56aab9601f53611d

SHA256
47c562992b2f425e156179f245afb1c9de9397e9815ac8da8e54ef4586d85452

SHA512
fbe380d4c4609b53c4ac4951e11666f40cfb9803d23245588d9513dee5a9ddbf23cd0cde2e70dfae43092169acff526f0063cc0ad8991ef3a12be5f914442a47

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5936.exe

Filesize
184KB

MD5
4254021cbb1d8b9363486b9275fa4eb9

SHA1
bf13db17470b0e62d309bba546c0ef984ae5d1b9

SHA256
31e9d95931a2d2c98a4fc435c510c2b5f9e54b033eaaf2906f78a1454374cf02

SHA512
9ac11716ec1ad2542101b392ad49160ada8e54e79877ebc5788fdd602fa51cba44af419c194371ef6c8141e2a06881d9a40c690542d422eb4f62fd7c43ae593a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6159.exe

Filesize
184KB

MD5
13f1b26800d624af2f73beb93595435a

SHA1
24e700459d4617fa4b3fcea1c91084db5ada63d7

SHA256
b375e24028f0014a5a1352053e126830172d1b1d0223bd1b75efff3be2e2db91

SHA512
e481f7f2e1eb7cd6ae25cc38ca22b7b339d342a2ca6d48bc46878f57f4625c8afe457f193bc5fef145a6a1412cb2fc19e613d13b283220e95f3aa4eb32ce6869

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6247.exe

Filesize
184KB

MD5
f9452c8cddc84a65f5728bf7bc7a4f5e

SHA1
cc7ed010b770d323ab57cebda5ec9f865fa7a123

SHA256
ad58a96ace02fb413a980acb4868d7f0218df4a085b4e8ca9d4f64ec3234b726

SHA512
7d2e63ef8788ab3a3f2f32842a32f645052225c8cc0159d8d0648a96007511eddbf358f865e43a0611943323b223d84353955a09274edc65d335656522837f03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6289.exe

Filesize
184KB

MD5
24def26462a5ab446691f17a7e9529c2

SHA1
477fa7a86129f02686bf2ff24b989f8fb1d7e368

SHA256
09344e0fdb990edf799ee62ab046d6647c330a092fdebba1052e896e8a1c4f9a

SHA512
7536c6af92e5dfb96424dab8fbecdfee9a3ec3b7815a7ed28fc83ef5261e72486c248186396da5d66080f37af649c61fd89204bcacd8e32b09c60e4e47c0cbf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63086.exe

Filesize
184KB

MD5
49b07a97780049220ff34e34b02adc43

SHA1
241dfb33917e8c6c6b7791822fb18b87a2919b60

SHA256
285eec02c052f944919e6eac031d4fbe35ef9e51cddcadeaba696e65580adff7

SHA512
99c95c3274f09efece7b3732a4d10a55339a0192443775e931c3e1e9dcec4a5469dfc538bd2370bba045059c88b9d6c1aeebf02c9973e6b334540fd3793f6be8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13716.exe

Filesize
184KB

MD5
8a17845e2eec701ce2561e57c96e9b39

SHA1
65b5ac0e27c82435cb8fa147fe6d36fed8c9f4d1

SHA256
3aa94b7b384ed776e1410b67cfe1b67b27acc4794876ba35a5942e7f4d24e546

SHA512
4f02f53595e3130db0e4e429e4c7550afb7d2f70ad4e9405752d61c2589b0f885fb79fe7213d2c4d1a6806a63d7b5068a2461d2d07193bb780a2919cab39eedf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe

Filesize
184KB

MD5
d6dff6b66b0956f08fecccd9cf491237

SHA1
09b26a7782b1885fed65516c6f1e35d6b0227c82

SHA256
f117f813758087595f0bb89c497296731c321b4f37bab31cec7494b9151ab128

SHA512
cd385bf4f11dc472c8d39374b82f04df1e476b06f0321a16f0179d00c45497b48d642f6429f4c5f0014513325a0f26c07b26544f6dbbdc07a3d5cd861ee345c6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20790.exe

Filesize
184KB

MD5
1c9ab035e29ac9e4b80dbe031cf9f283

SHA1
b67e4218f748c60c362d6f4ba1558743d43072dd

SHA256
986e6a8a7030aa0a3c5bff0be1db583c19ceadad748efdc4f37e9ecdac298ee3

SHA512
60663710feecf878a0e39c65920c353cd3ec604f876955cb6b6e741f12f2ae190fccb1addac2358cb85b885e88c1bb3e0be094869ee02356776132902796e2fc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30789.exe

Filesize
184KB

MD5
3c6c17a4296916ff8a01cc8d89a4cee7

SHA1
096b88f07897a02d723206b838733528bebe2779

SHA256
c530cc43f30464a63fa1948a309199c29ea86fe3d67e234997e921a4e0d298c3

SHA512
c72ccaa6fc04ce79f031b007bb675260fa2d4ca75ee2f369718b63f95b769e513052330a7f7e1c3635e32c19e44cc51617ef75247de144d5b5d0be087b6407a2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33935.exe

Filesize
184KB

MD5
ce4cedce057dffd32e15dbd7e4816251

SHA1
7afaf2875225d815cdeb515d348964679b6166c8

SHA256
e7046a6e36fec65d07c2af657df54a3fe930505a35c85ec0d1c848ecb2d7ccc4

SHA512
7352222c7d35f385df46223dd99eaf880406aada1f6a4de4857c830f2de64b8ed35e6841b702a91d0eac6aaf5cd87c1b7561a04cbd40a575cd879b52b8ac50cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42103.exe

Filesize
184KB

MD5
153f043c7f6a2ed1f2e1dbb966986d4e

SHA1
01cacb70d276b336c73afd62a9b09fed3332a909

SHA256
5cc31af7cabf384ddb5464011f00318fd7ea74227f2bb2a12fdf2e311c6a2998

SHA512
0230d774258361e3be39fbbee41a742ed3bb43f02c5a324e32eabaa0d12487556ba14f40387e1bcd2f16901c4ea1349e0671f0666874c5180327fd6653b24f32

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50110.exe

Filesize
184KB

MD5
635e0f5e8817e9aebb9932d0de54b622

SHA1
3fb34e574bb213bcd4cd8ff9b745c89b2403fc09

SHA256
89f851309a7938d280377a49d2ebfc6e07438ca9519209aafcda4efd16cde4d0

SHA512
848a4344457c92b88d0c486aa497d5212e354cc82a08a7879930def2b60331715830eff48cd76dafae929f440661e32c2af2ada464425dfbfb1af67d4a081d0e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5901.exe

Filesize
184KB

MD5
b4e3cf0d00237cce1a9efb20e2624e65

SHA1
c0c4826fdda0779df47e94edff6e9615be49e910

SHA256
a4bc2e5c03820e2c6480ecbf1eb385aca7ead460f29dbcd454d108c4d6abb95e

SHA512
bf314b0417a1ce0f81441ca43e710f29f364f3f13b24d511ee21f07c1b3a7e7c87f41590c1a229b9b33eaec2d7bca1d250c5390dedfde8d99a4dc6fc34629dab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9092.exe

Filesize
184KB

MD5
9a4c9def84e2e495e932adfbbdb8bee4

SHA1
198626e743ec66a83447391071ef9b4ee901cf4e

SHA256
b431e121b327772c71ef8220d7eec8c6dc901fb669a699595654534b1a1aedcc

SHA512
1e839af4b19f3744f5f6354c1900a9d562632de1d1a47a0105bb75c9b44d8d6393870e4e28ff27a655673432103ac6a9c5f5fe73b48be1993e0a987501833d32

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9430.exe

Filesize
184KB

MD5
e2b376c80a01ed88b432b70862a085c5

SHA1
4c90c2bc57c35a7eb2aa8381456df09d17455578

SHA256
86a5c09cf951152df6bb035739d26facd7dff369e035d51ff7ff18dc265b39ae

SHA512
e6910e2eed2f5b51e59f729ba559904a67999dab708fc015b68097bf094463fe6b36e6146c84f2dae94a761e1730abec01a2fb3e7c1a75ce807dece4402c9b85

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads