19dd724db6eb9ce14085fad103c26b1738db967687e791b7650cf1df7e9287a4

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 20:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1a196672f24c0e650e5da459f96d82f0_NeikiAnalytics.exe
Size

184KB
MD5

1a196672f24c0e650e5da459f96d82f0
SHA1

caba06f04510151d5d6df6f3e3dae117593e542b
SHA256

19dd724db6eb9ce14085fad103c26b1738db967687e791b7650cf1df7e9287a4
SHA512

8c04d2c7355413ff26b3465fa445c4533f475c2833b7e40bbfc5c3367c876b26b630a8a3e6a7e3608dcacdc13631032ff603d978df6d040955f2d63bfb7f8850
SSDEEP

3072:pqt3qxoT78OTdG4We8wLRls4hlnViF7n3:pq6oZJG4fL/s4hlnViF7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3020	Unicorn-49551.exe
2060	Unicorn-58835.exe
2492	Unicorn-34885.exe
2688	Unicorn-58918.exe
2832	Unicorn-4242.exe
2828	Unicorn-24108.exe
1820	Unicorn-22053.exe
2876	Unicorn-63640.exe
3060	Unicorn-28829.exe
1752	Unicorn-13884.exe
3064	Unicorn-48695.exe
1336	Unicorn-45763.exe
1760	Unicorn-21813.exe
1980	Unicorn-52561.exe
1244	Unicorn-44393.exe
2108	Unicorn-55254.exe
332	Unicorn-9582.exe
1048	Unicorn-18305.exe
1484	Unicorn-3360.exe
2036	Unicorn-46614.exe
1352	Unicorn-57475.exe
1040	Unicorn-11803.exe
1704	Unicorn-52644.exe
1324	Unicorn-18388.exe
684	Unicorn-3443.exe
2212	Unicorn-14304.exe
2168	Unicorn-60812.exe
2140	Unicorn-23864.exe
1508	Unicorn-34724.exe
1740	Unicorn-19780.exe
2440	Unicorn-30640.exe
1604	Unicorn-50506.exe
2816	Unicorn-34409.exe
2956	Unicorn-45270.exe
1028	Unicorn-62997.exe
2692	Unicorn-8321.exe
2888	Unicorn-58913.exe
2540	Unicorn-50745.exe
2872	Unicorn-61606.exe
2936	Unicorn-32271.exe
2332	Unicorn-40993.exe
1556	Unicorn-60859.exe
1528	Unicorn-46469.exe
2780	Unicorn-42939.exe
1428	Unicorn-27995.exe
2280	Unicorn-15743.exe
2072	Unicorn-59276.exe
2100	Unicorn-44331.exe
2980	Unicorn-20381.exe
2352	Unicorn-5436.exe
484	Unicorn-40247.exe
1476	Unicorn-16297.exe
1572	Unicorn-55981.exe
1052	Unicorn-32031.exe
3000	Unicorn-64533.exe
2144	Unicorn-46059.exe
1804	Unicorn-4704.exe
2560	Unicorn-51212.exe
2536	Unicorn-14263.exe
2776	Unicorn-14263.exe
2604	Unicorn-16956.exe
2648	Unicorn-36822.exe
2904	Unicorn-47683.exe
2800	Unicorn-48005.exe

Loads dropped DLL 64 IoCs

pid	Process
568	1a196672f24c0e650e5da459f96d82f0_NeikiAnalytics.exe
568	1a196672f24c0e650e5da459f96d82f0_NeikiAnalytics.exe
3020	Unicorn-49551.exe
3020	Unicorn-49551.exe
568	1a196672f24c0e650e5da459f96d82f0_NeikiAnalytics.exe
568	1a196672f24c0e650e5da459f96d82f0_NeikiAnalytics.exe
2060	Unicorn-58835.exe
2492	Unicorn-34885.exe
2060	Unicorn-58835.exe
2492	Unicorn-34885.exe
3020	Unicorn-49551.exe
3020	Unicorn-49551.exe
3032	WerFault.exe
3032	WerFault.exe
3032	WerFault.exe
3032	WerFault.exe
3032	WerFault.exe
2688	Unicorn-58918.exe
2688	Unicorn-58918.exe
2060	Unicorn-58835.exe
2060	Unicorn-58835.exe
2492	Unicorn-34885.exe
2492	Unicorn-34885.exe
2828	Unicorn-24108.exe
2828	Unicorn-24108.exe
2832	Unicorn-4242.exe
2832	Unicorn-4242.exe
1500	WerFault.exe
1500	WerFault.exe
1500	WerFault.exe
1500	WerFault.exe
2000	WerFault.exe
2000	WerFault.exe
2000	WerFault.exe
2000	WerFault.exe
1500	WerFault.exe
2000	WerFault.exe
1820	Unicorn-22053.exe
1820	Unicorn-22053.exe
2688	Unicorn-58918.exe
2688	Unicorn-58918.exe
3060	Unicorn-28829.exe
3060	Unicorn-28829.exe
1752	Unicorn-13884.exe
1752	Unicorn-13884.exe
2832	Unicorn-4242.exe
2832	Unicorn-4242.exe
3064	Unicorn-48695.exe
3064	Unicorn-48695.exe
2828	Unicorn-24108.exe
2828	Unicorn-24108.exe
2876	Unicorn-63640.exe
2876	Unicorn-63640.exe
2324	WerFault.exe
2324	WerFault.exe
2324	WerFault.exe
2324	WerFault.exe
2324	WerFault.exe
2152	WerFault.exe
2152	WerFault.exe
2152	WerFault.exe
2152	WerFault.exe
2152	WerFault.exe
2500	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2720	568	WerFault.exe	27
3032	3020	WerFault.exe	28
1500	2060	WerFault.exe	29
2000	2492	WerFault.exe	30
2324	2688	WerFault.exe	32
2152	2828	WerFault.exe	33
2500	2832	WerFault.exe	34
2444	1820	WerFault.exe	36
2136	3060	WerFault.exe	38
2636	1752	WerFault.exe	40
2668	3064	WerFault.exe	39
2664	2876	WerFault.exe	37
1252	1508	WerFault.exe	63
1560	1336	WerFault.exe	43
2392	1760	WerFault.exe	44
1896	1980	WerFault.exe	45
1512	1244	WerFault.exe	46
2284	2108	WerFault.exe	47
2292	1484	WerFault.exe	50
876	332	WerFault.exe	48
1276	1048	WerFault.exe	49
2076	2036	WerFault.exe	54
1728	1352	WerFault.exe	55
2860	1704	WerFault.exe	57
2812	1324	WerFault.exe	58
2104	2212	WerFault.exe	60
1944	2440	WerFault.exe	66
528	2168	WerFault.exe	61
584	1040	WerFault.exe	56
1884	3000	WerFault.exe	103
2092	2140	WerFault.exe	62
1756	1740	WerFault.exe	64
972	684	WerFault.exe	59
3008	1604	WerFault.exe	65
768	2816	WerFault.exe	71
3168	2692	WerFault.exe	75
3360	2888	WerFault.exe	76
3436	2956	WerFault.exe	72
3428	2332	WerFault.exe	80
3720	2280	WerFault.exe	86
3320	2872	WerFault.exe	78
3340	2100	WerFault.exe	88
3448	1028	WerFault.exe	73
3476	2980	WerFault.exe	89
3504	1528	WerFault.exe	82
3532	2144	WerFault.exe	104
3564	1556	WerFault.exe	81
3592	1804	WerFault.exe	105
3692	2560	WerFault.exe	106
3804	2928	WerFault.exe	115
3856	2800	WerFault.exe	112
3888	2316	WerFault.exe	129
3904	2064	WerFault.exe	118
3984	836	WerFault.exe	124
3080	2648	WerFault.exe	110
3140	2780	WerFault.exe	83
3284	2904	WerFault.exe	111
3392	2936	WerFault.exe	79
3424	2856	WerFault.exe	116
3600	2536	WerFault.exe	107
3752	1844	WerFault.exe	119
3956	2604	WerFault.exe	109
3976	2072	WerFault.exe	87
1948	1476	WerFault.exe	92

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
568	1a196672f24c0e650e5da459f96d82f0_NeikiAnalytics.exe
3020	Unicorn-49551.exe
2060	Unicorn-58835.exe
2492	Unicorn-34885.exe
2688	Unicorn-58918.exe
2828	Unicorn-24108.exe
2832	Unicorn-4242.exe
1820	Unicorn-22053.exe
3060	Unicorn-28829.exe
1752	Unicorn-13884.exe
3064	Unicorn-48695.exe
2876	Unicorn-63640.exe
1336	Unicorn-45763.exe
1760	Unicorn-21813.exe
1980	Unicorn-52561.exe
1244	Unicorn-44393.exe
2108	Unicorn-55254.exe
332	Unicorn-9582.exe
1484	Unicorn-3360.exe
1048	Unicorn-18305.exe
2036	Unicorn-46614.exe
1352	Unicorn-57475.exe
1040	Unicorn-11803.exe
1704	Unicorn-52644.exe
1324	Unicorn-18388.exe
684	Unicorn-3443.exe
2212	Unicorn-14304.exe
2168	Unicorn-60812.exe
2140	Unicorn-23864.exe
1508	Unicorn-34724.exe
1604	Unicorn-50506.exe
1740	Unicorn-19780.exe
2440	Unicorn-30640.exe
2816	Unicorn-34409.exe
2692	Unicorn-8321.exe
2956	Unicorn-45270.exe
1028	Unicorn-62997.exe
2888	Unicorn-58913.exe
2872	Unicorn-61606.exe
2540	Unicorn-50745.exe
2332	Unicorn-40993.exe
2936	Unicorn-32271.exe
1556	Unicorn-60859.exe
1528	Unicorn-46469.exe
1428	Unicorn-27995.exe
2780	Unicorn-42939.exe
2072	Unicorn-59276.exe
2280	Unicorn-15743.exe
2100	Unicorn-44331.exe
2980	Unicorn-20381.exe
484	Unicorn-40247.exe
2352	Unicorn-5436.exe
1476	Unicorn-16297.exe
1572	Unicorn-55981.exe
1052	Unicorn-32031.exe
3000	Unicorn-64533.exe
2144	Unicorn-46059.exe
1804	Unicorn-4704.exe
2560	Unicorn-51212.exe
2776	Unicorn-14263.exe
2536	Unicorn-14263.exe
2904	Unicorn-47683.exe
2648	Unicorn-36822.exe
2604	Unicorn-16956.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 568 wrote to memory of 3020	568	1a196672f24c0e650e5da459f96d82f0_NeikiAnalytics.exe	28
PID 568 wrote to memory of 3020	568	1a196672f24c0e650e5da459f96d82f0_NeikiAnalytics.exe	28
PID 568 wrote to memory of 3020	568	1a196672f24c0e650e5da459f96d82f0_NeikiAnalytics.exe	28
PID 568 wrote to memory of 3020	568	1a196672f24c0e650e5da459f96d82f0_NeikiAnalytics.exe	28
PID 3020 wrote to memory of 2060	3020	Unicorn-49551.exe	29
PID 3020 wrote to memory of 2060	3020	Unicorn-49551.exe	29
PID 3020 wrote to memory of 2060	3020	Unicorn-49551.exe	29
PID 3020 wrote to memory of 2060	3020	Unicorn-49551.exe	29
PID 568 wrote to memory of 2492	568	1a196672f24c0e650e5da459f96d82f0_NeikiAnalytics.exe	30
PID 568 wrote to memory of 2492	568	1a196672f24c0e650e5da459f96d82f0_NeikiAnalytics.exe	30
PID 568 wrote to memory of 2492	568	1a196672f24c0e650e5da459f96d82f0_NeikiAnalytics.exe	30
PID 568 wrote to memory of 2492	568	1a196672f24c0e650e5da459f96d82f0_NeikiAnalytics.exe	30
PID 568 wrote to memory of 2720	568	1a196672f24c0e650e5da459f96d82f0_NeikiAnalytics.exe	31
PID 568 wrote to memory of 2720	568	1a196672f24c0e650e5da459f96d82f0_NeikiAnalytics.exe	31
PID 568 wrote to memory of 2720	568	1a196672f24c0e650e5da459f96d82f0_NeikiAnalytics.exe	31
PID 568 wrote to memory of 2720	568	1a196672f24c0e650e5da459f96d82f0_NeikiAnalytics.exe	31
PID 2060 wrote to memory of 2688	2060	Unicorn-58835.exe	32
PID 2060 wrote to memory of 2688	2060	Unicorn-58835.exe	32
PID 2060 wrote to memory of 2688	2060	Unicorn-58835.exe	32
PID 2060 wrote to memory of 2688	2060	Unicorn-58835.exe	32
PID 2492 wrote to memory of 2828	2492	Unicorn-34885.exe	33
PID 2492 wrote to memory of 2828	2492	Unicorn-34885.exe	33
PID 2492 wrote to memory of 2828	2492	Unicorn-34885.exe	33
PID 2492 wrote to memory of 2828	2492	Unicorn-34885.exe	33
PID 3020 wrote to memory of 2832	3020	Unicorn-49551.exe	34
PID 3020 wrote to memory of 2832	3020	Unicorn-49551.exe	34
PID 3020 wrote to memory of 2832	3020	Unicorn-49551.exe	34
PID 3020 wrote to memory of 2832	3020	Unicorn-49551.exe	34
PID 3020 wrote to memory of 3032	3020	Unicorn-49551.exe	35
PID 3020 wrote to memory of 3032	3020	Unicorn-49551.exe	35
PID 3020 wrote to memory of 3032	3020	Unicorn-49551.exe	35
PID 3020 wrote to memory of 3032	3020	Unicorn-49551.exe	35
PID 2688 wrote to memory of 1820	2688	Unicorn-58918.exe	36
PID 2688 wrote to memory of 1820	2688	Unicorn-58918.exe	36
PID 2688 wrote to memory of 1820	2688	Unicorn-58918.exe	36
PID 2688 wrote to memory of 1820	2688	Unicorn-58918.exe	36
PID 2060 wrote to memory of 2876	2060	Unicorn-58835.exe	37
PID 2060 wrote to memory of 2876	2060	Unicorn-58835.exe	37
PID 2060 wrote to memory of 2876	2060	Unicorn-58835.exe	37
PID 2060 wrote to memory of 2876	2060	Unicorn-58835.exe	37
PID 2492 wrote to memory of 3060	2492	Unicorn-34885.exe	38
PID 2492 wrote to memory of 3060	2492	Unicorn-34885.exe	38
PID 2492 wrote to memory of 3060	2492	Unicorn-34885.exe	38
PID 2492 wrote to memory of 3060	2492	Unicorn-34885.exe	38
PID 2828 wrote to memory of 3064	2828	Unicorn-24108.exe	39
PID 2828 wrote to memory of 3064	2828	Unicorn-24108.exe	39
PID 2828 wrote to memory of 3064	2828	Unicorn-24108.exe	39
PID 2828 wrote to memory of 3064	2828	Unicorn-24108.exe	39
PID 2832 wrote to memory of 1752	2832	Unicorn-4242.exe	40
PID 2832 wrote to memory of 1752	2832	Unicorn-4242.exe	40
PID 2832 wrote to memory of 1752	2832	Unicorn-4242.exe	40
PID 2832 wrote to memory of 1752	2832	Unicorn-4242.exe	40
PID 2060 wrote to memory of 1500	2060	Unicorn-58835.exe	41
PID 2060 wrote to memory of 1500	2060	Unicorn-58835.exe	41
PID 2060 wrote to memory of 1500	2060	Unicorn-58835.exe	41
PID 2060 wrote to memory of 1500	2060	Unicorn-58835.exe	41
PID 2492 wrote to memory of 2000	2492	Unicorn-34885.exe	42
PID 2492 wrote to memory of 2000	2492	Unicorn-34885.exe	42
PID 2492 wrote to memory of 2000	2492	Unicorn-34885.exe	42
PID 2492 wrote to memory of 2000	2492	Unicorn-34885.exe	42
PID 1820 wrote to memory of 1336	1820	Unicorn-22053.exe	43
PID 1820 wrote to memory of 1336	1820	Unicorn-22053.exe	43
PID 1820 wrote to memory of 1336	1820	Unicorn-22053.exe	43
PID 1820 wrote to memory of 1336	1820	Unicorn-22053.exe	43

C:\Users\Admin\AppData\Local\Temp\1a196672f24c0e650e5da459f96d82f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1a196672f24c0e650e5da459f96d82f0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:568
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49551.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49551.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58835.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58835.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58918.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22053.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46614.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34409.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56064.exe
        10⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22297.exe
        11⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
        12⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe
        13⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48457.exe
        14⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10356.exe
        15⤵
        
        PID:10956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8496 -s 216
        15⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
        14⤵
        
        PID:9312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 216
        13⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 236
        12⤵
        
        PID:4504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 236
        11⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
        10⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3158.exe
        11⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15275.exe
        12⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59339.exe
        13⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11664.exe
        14⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21533.exe
        15⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8568 -s 216
        14⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
        13⤵
        
        PID:9336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 216
        12⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 236
        11⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 240
        10⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32114.exe
        9⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        10⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11134.exe
        11⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26459.exe
        12⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8000.exe
        13⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50559.exe
        14⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2871.exe
        15⤵
        
        PID:12752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10564 -s 216
        15⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8720 -s 216
        14⤵
        
        PID:11780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 216
        13⤵
        
        PID:9520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
        12⤵
        
        PID:7004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
        11⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 216
        10⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
        9⤵
        Program crash
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32031.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51980.exe
        9⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
        10⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15135.exe
        11⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3537.exe
        12⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45006.exe
        13⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63937.exe
        14⤵
        
        PID:11228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8392 -s 216
        14⤵
        
        PID:6188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 216
        13⤵
        
        PID:9552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 216
        12⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 236
        11⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 216
        10⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24221.exe
        9⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1129.exe
        10⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57190.exe
        10⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-200.exe
        11⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41550.exe
        12⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        13⤵
        
        PID:10976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8200 -s 220
        13⤵
        
        PID:10360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
        12⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 216
        11⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 220
        10⤵
        
        PID:5808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 240
        9⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
        8⤵
        Program crash
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45270.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51212.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51186.exe
        9⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22681.exe
        10⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
        11⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9676.exe
        12⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62821.exe
        13⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42967.exe
        14⤵
        
        PID:10808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8552 -s 220
        14⤵
        
        PID:11836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
        13⤵
        
        PID:10028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 216
        12⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
        11⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7138.exe
        10⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10698.exe
        11⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61285.exe
        12⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
        13⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28995.exe
        14⤵
        
        PID:13104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8660 -s 216
        13⤵
        
        PID:11820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 216
        12⤵
        
        PID:9432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 216
        11⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
        10⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31403.exe
        9⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
        10⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40019.exe
        11⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14606.exe
        12⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51135.exe
        13⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11755.exe
        14⤵
        
        PID:12576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8980 -s 220
        13⤵
        
        PID:11952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 216
        12⤵
        
        PID:9688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
        11⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 236
        10⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
        9⤵
        Program crash
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57963.exe
        8⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43101.exe
        9⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19412.exe
        10⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55068.exe
        11⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59998.exe
        12⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32744.exe
        13⤵
        
        PID:11200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8808 -s 220
        13⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 216
        12⤵
        
        PID:10116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
        11⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
        10⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46609.exe
        9⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36765.exe
        10⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
        11⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1550.exe
        12⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19291.exe
        13⤵
        
        PID:12884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8692 -s 216
        12⤵
        
        PID:11740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 216
        11⤵
        
        PID:9512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        10⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
        9⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 220
        8⤵
        Program crash
        
        PID:3436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 240
        7⤵
        Program crash
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57475.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58913.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46059.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50226.exe
        9⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38633.exe
        10⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33501.exe
        11⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
        12⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 220
        13⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 216
        12⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
        11⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 236
        10⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47356.exe
        9⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14751.exe
        10⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46324.exe
        11⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40346.exe
        12⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55961.exe
        13⤵
        
        PID:11140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9128 -s 236
        13⤵
        
        PID:11748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 216
        12⤵
        
        PID:10220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
        11⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
        10⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
        9⤵
        Program crash
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57003.exe
        8⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32411.exe
        9⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
        10⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38841.exe
        11⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43662.exe
        12⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2017.exe
        13⤵
        
        PID:11164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8748 -s 220
        13⤵
        
        PID:11432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 216
        12⤵
        
        PID:10108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 216
        11⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
        10⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60999.exe
        9⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45810.exe
        10⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53802.exe
        11⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19449.exe
        12⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21294.exe
        13⤵
        
        PID:12540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8256 -s 220
        12⤵
        
        PID:11636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
        11⤵
        
        PID:8580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 216
        10⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
        9⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 240
        8⤵
        Program crash
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4704.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19884.exe
        8⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58861.exe
        9⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58856.exe
        10⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1539.exe
        11⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6957.exe
        12⤵
        
        PID:10656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62487.exe
        13⤵
        
        PID:12596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10656 -s 216
        13⤵
        
        PID:7560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 216
        12⤵
        
        PID:10940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
        11⤵
        
        PID:8940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
        10⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 236
        9⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4185.exe
        8⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47232.exe
        9⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17461.exe
        10⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57969.exe
        11⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22355.exe
        12⤵
        
        PID:11108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9132 -s 220
        12⤵
        
        PID:12032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 216
        11⤵
        
        PID:9840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
        10⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 236
        9⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 240
        8⤵
        Program crash
        
        PID:3592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 240
        7⤵
        Program crash
        
        PID:1728
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 240
        6⤵
        Program crash
        
        PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21813.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11803.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62997.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54201.exe
        9⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55208.exe
        10⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62037.exe
        11⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26859.exe
        12⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65525.exe
        13⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15263.exe
        14⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8952 -s 216
        13⤵
        
        PID:11808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 216
        12⤵
        
        PID:9660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
        11⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 236
        10⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13723.exe
        8⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29334.exe
        9⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22505.exe
        10⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39495.exe
        11⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16133.exe
        12⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21294.exe
        13⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9204 -s 220
        12⤵
        
        PID:12060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 216
        11⤵
        
        PID:9872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
        10⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 236
        9⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 220
        8⤵
        Program crash
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16956.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12976.exe
        8⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
        9⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62660.exe
        10⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59396.exe
        11⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
        12⤵
        
        PID:10664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8328 -s 216
        12⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 216
        11⤵
        
        PID:9232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
        10⤵
        
        PID:7792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 216
        9⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 216
        8⤵
        Program crash
        
        PID:3956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 240
        7⤵
        Program crash
        
        PID:584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8321.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64533.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
        8⤵
        Program crash
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16162.exe
        7⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50885.exe
        8⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38161.exe
        9⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40211.exe
        10⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12468.exe
        11⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4072.exe
        12⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62326.exe
        13⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9016 -s 220
        12⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 216
        11⤵
        
        PID:9696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
        10⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 236
        9⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 236
        8⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
        7⤵
        Program crash
        
        PID:3168
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
        6⤵
        Program crash
        
        PID:2392
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63640.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3360.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23864.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49650.exe
        8⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25997.exe
        9⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13381.exe
        10⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12089.exe
        11⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38675.exe
        12⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47409.exe
        13⤵
        
        PID:11012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8836 -s 216
        13⤵
        
        PID:12300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 236
        12⤵
        
        PID:10336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 216
        11⤵
        
        PID:2272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 216
        10⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 216
        9⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 236
        8⤵
        Program crash
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25700.exe
        7⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3438.exe
        8⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
        9⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59816.exe
        10⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36397.exe
        11⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17695.exe
        12⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64625.exe
        13⤵
        
        PID:12568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10908 -s 216
        13⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8284 -s 216
        12⤵
        
        PID:11328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 216
        11⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 236
        10⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 236
        9⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 236
        8⤵
        
        PID:3200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
        7⤵
        Program crash
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59276.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63272.exe
        7⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21913.exe
        8⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
        9⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64004.exe
        10⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62987.exe
        11⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61197.exe
        12⤵
        
        PID:11568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9284 -s 236
        12⤵
        
        PID:12496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 216
        11⤵
        
        PID:10380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 216
        10⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 216
        9⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 236
        8⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49110.exe
        7⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        8⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32894.exe
        9⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
        10⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21535.exe
        11⤵
        
        PID:10516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8616 -s 216
        11⤵
        
        PID:12316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6556 -s 216
        10⤵
        
        PID:10048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
        9⤵
        
        PID:8144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
        8⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
        7⤵
        Program crash
        
        PID:3976
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 240
        6⤵
        Program crash
        
        PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34724.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 240
        6⤵
        Program crash
        
        PID:1252
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
        5⤵
        Program crash
        
        PID:2664
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4242.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4242.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13884.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44393.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3443.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60859.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48005.exe
        8⤵
        Executes dropped EXE
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31643.exe
        9⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27196.exe
        10⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
        11⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41550.exe
        12⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17695.exe
        13⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24911.exe
        14⤵
        
        PID:13112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8208 -s 216
        13⤵
        
        PID:11336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
        12⤵
        
        PID:8476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        11⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 236
        10⤵
        
        PID:5012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 236
        9⤵
        Program crash
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28113.exe
        8⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35748.exe
        9⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14035.exe
        10⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9235.exe
        11⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58208.exe
        12⤵
        
        PID:10784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8904 -s 236
        12⤵
        
        PID:12112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 216
        11⤵
        
        PID:10160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
        10⤵
        
        PID:7896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 216
        9⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
        8⤵
        Program crash
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6650.exe
        7⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23859.exe
        8⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64419.exe
        9⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15467.exe
        10⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26091.exe
        11⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54259.exe
        12⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22965.exe
        13⤵
        
        PID:13036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8312 -s 220
        12⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 216
        11⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 236
        10⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
        9⤵
        
        PID:5256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 236
        8⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 240
        7⤵
        Program crash
        
        PID:972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40993.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30360.exe
        7⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11990.exe
        8⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31939.exe
        9⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11430.exe
        10⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47471.exe
        11⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26055.exe
        12⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30474.exe
        13⤵
        
        PID:12800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11208 -s 216
        13⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8884 -s 216
        12⤵
        
        PID:11828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 216
        11⤵
        
        PID:9620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 216
        10⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
        9⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 236
        8⤵
        
        PID:4760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 236
        7⤵
        Program crash
        
        PID:3428
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 240
        6⤵
        Program crash
        
        PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14304.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27995.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34684.exe
        7⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
        8⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33802.exe
        9⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 220
        10⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 216
        9⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 216
        8⤵
        Program crash
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49110.exe
        7⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62582.exe
        8⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30564.exe
        9⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54269.exe
        10⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61140.exe
        11⤵
        
        PID:10824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8308 -s 220
        11⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 216
        10⤵
        
        PID:9960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
        9⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
        8⤵
        
        PID:5812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 220
        7⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-428.exe
        6⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
        7⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51700.exe
        8⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61570.exe
        9⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6739.exe
        10⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54451.exe
        11⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32612.exe
        12⤵
        
        PID:12896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8224 -s 216
        11⤵
        
        PID:11480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
        10⤵
        
        PID:8532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 236
        9⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 236
        8⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 236
        7⤵
        Program crash
        
        PID:3984
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
        6⤵
        Program crash
        
        PID:2104
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
        5⤵
        Program crash
        
        PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55254.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60812.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46469.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43703.exe
        8⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21358.exe
        9⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43672.exe
        10⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65478.exe
        11⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56589.exe
        12⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19291.exe
        13⤵
        
        PID:12864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 216
        12⤵
        
        PID:11320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
        11⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 236
        10⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 216
        9⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 236
        8⤵
        Program crash
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30635.exe
        7⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6583.exe
        8⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64092.exe
        9⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36205.exe
        10⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19786.exe
        11⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13286.exe
        12⤵
        
        PID:12640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10732 -s 236
        12⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8436 -s 236
        11⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
        10⤵
        
        PID:9256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
        9⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 236
        8⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
        7⤵
        Program crash
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58093.exe
        7⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15327.exe
        8⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34456.exe
        9⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10003.exe
        10⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47985.exe
        11⤵
        
        PID:11156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8524 -s 236
        11⤵
        
        PID:12380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 216
        10⤵
        
        PID:9992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
        9⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 236
        8⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 236
        7⤵
        Program crash
        
        PID:3284
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 240
        6⤵
        Program crash
        
        PID:528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42939.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46936.exe
        6⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12976.exe
        7⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55716.exe
        7⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25250.exe
        8⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2167.exe
        9⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45006.exe
        10⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16683.exe
        11⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33982.exe
        12⤵
        
        PID:12768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10892 -s 216
        12⤵
        
        PID:12608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8404 -s 216
        11⤵
        
        PID:12292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 216
        10⤵
        
        PID:9472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 216
        9⤵
        
        PID:8136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 236
        8⤵
        
        PID:5336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 220
        7⤵
        Program crash
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30635.exe
        6⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
        7⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48031.exe
        8⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61669.exe
        9⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        10⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21294.exe
        11⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8920 -s 220
        10⤵
        
        PID:11904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
        9⤵
        
        PID:9636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
        8⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
        7⤵
        
        PID:5928
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
        6⤵
        Program crash
        
        PID:3140
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
        5⤵
        Program crash
        
        PID:2284
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2500
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:3032
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34885.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34885.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24108.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24108.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48695.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9582.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19780.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5436.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32546.exe
        8⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3438.exe
        9⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49178.exe
        10⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23060.exe
        11⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64985.exe
        12⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5250.exe
        13⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32612.exe
        14⤵
        
        PID:12908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8384 -s 216
        13⤵
        
        PID:11552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
        12⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
        11⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
        10⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14922.exe
        9⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
        10⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
        11⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22355.exe
        12⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14962.exe
        13⤵
        
        PID:12668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9052 -s 220
        12⤵
        
        PID:12040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6364 -s 216
        11⤵
        
        PID:9712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
        10⤵
        
        PID:7368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 240
        9⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38803.exe
        8⤵
        
        PID:3248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 220
        9⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 220
        8⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-428.exe
        7⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58669.exe
        8⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45732.exe
        9⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        10⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9811.exe
        11⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17560.exe
        12⤵
        
        PID:10880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9000 -s 236
        12⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 216
        11⤵
        
        PID:10204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
        10⤵
        
        PID:8056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
        9⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23090.exe
        8⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53978.exe
        9⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65478.exe
        10⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8711.exe
        11⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29701.exe
        12⤵
        
        PID:12700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 216
        11⤵
        
        PID:11888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
        10⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 236
        9⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 220
        8⤵
        
        PID:4336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
        7⤵
        Program crash
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16297.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34684.exe
        7⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4808.exe
        8⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13272.exe
        9⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27528.exe
        10⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30751.exe
        11⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30331.exe
        12⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2871.exe
        13⤵
        
        PID:12744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11124 -s 216
        13⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8536 -s 216
        12⤵
        
        PID:11616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
        11⤵
        
        PID:9328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
        10⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 216
        9⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 216
        8⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26551.exe
        7⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16349.exe
        8⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49017.exe
        9⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6054.exe
        10⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
        11⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19291.exe
        12⤵
        
        PID:12876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8620 -s 236
        11⤵
        
        PID:11184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
        10⤵
        
        PID:9412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
        9⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 236
        8⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 220
        7⤵
        Program crash
        
        PID:1948
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 240
        6⤵
        Program crash
        
        PID:876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30640.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40247.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34684.exe
        7⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25997.exe
        8⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31555.exe
        9⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38711.exe
        10⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
        10⤵
        
        PID:7152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 236
        9⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 216
        8⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49110.exe
        7⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39531.exe
        8⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36786.exe
        9⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19817.exe
        10⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12982.exe
        11⤵
        
        PID:11356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8824 -s 236
        11⤵
        
        PID:12416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 216
        10⤵
        
        PID:9320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
        9⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        8⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 220
        7⤵
        
        PID:4696
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 236
        6⤵
        Program crash
        
        PID:1944
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
        5⤵
        Program crash
        
        PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18305.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50506.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44331.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45566.exe
        7⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19391.exe
        8⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43916.exe
        9⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57014.exe
        10⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56791.exe
        11⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7471.exe
        12⤵
        
        PID:10692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8444 -s 216
        12⤵
        
        PID:12192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 220
        11⤵
        
        PID:10000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
        10⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 236
        9⤵
        
        PID:5160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 236
        8⤵
        Program crash
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36281.exe
        7⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8145.exe
        8⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2722.exe
        9⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
        10⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30776.exe
        11⤵
        
        PID:11032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9060 -s 216
        11⤵
        
        PID:11580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 216
        10⤵
        
        PID:9720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
        9⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 236
        8⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
        7⤵
        Program crash
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56427.exe
        6⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48363.exe
        7⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
        8⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9375.exe
        9⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1451.exe
        10⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        11⤵
        
        PID:11040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9212 -s 216
        11⤵
        
        PID:5296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 216
        10⤵
        
        PID:10236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
        9⤵
        
        PID:7808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 236
        8⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 236
        7⤵
        
        PID:3828
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
        6⤵
        Program crash
        
        PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20381.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51020.exe
        6⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32712.exe
        7⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46692.exe
        8⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2831.exe
        9⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13838.exe
        10⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5250.exe
        11⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37630.exe
        12⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 216
        11⤵
        
        PID:11528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
        10⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 236
        9⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 216
        8⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4268.exe
        7⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12452.exe
        8⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
        9⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6018.exe
        10⤵
        
        PID:11048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8852 -s 216
        10⤵
        
        PID:12052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 216
        9⤵
        
        PID:9608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
        8⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 220
        7⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48726.exe
        6⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-553.exe
        7⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13376.exe
        8⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14990.exe
        9⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        10⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
        11⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9164 -s 220
        10⤵
        
        PID:11896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 220
        9⤵
        
        PID:9856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
        8⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 216
        7⤵
        
        PID:5548
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
        6⤵
        Program crash
        
        PID:3476
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 240
        5⤵
        Program crash
        
        PID:1276
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28829.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28829.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52561.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52644.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36822.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2862.exe
        8⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45670.exe
        9⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62577.exe
        10⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13044.exe
        11⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64217.exe
        12⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34776.exe
        13⤵
        
        PID:12624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10836 -s 216
        13⤵
        
        PID:12516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9080 -s 216
        12⤵
        
        PID:11288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 220
        11⤵
        
        PID:9784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
        10⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
        9⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 236
        8⤵
        Program crash
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34143.exe
        7⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
        8⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3646.exe
        9⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15374.exe
        10⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43351.exe
        11⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6571.exe
        12⤵
        
        PID:12692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11216 -s 236
        12⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 216
        10⤵
        
        PID:9968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
        9⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 236
        8⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
        7⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41460.exe
        6⤵
        
        PID:1624
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
        6⤵
        Program crash
        
        PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22432.exe
        6⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63438.exe
        7⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33034.exe
        8⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37341.exe
        9⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
        10⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53143.exe
        11⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5772.exe
        12⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 216
        11⤵
        
        PID:12140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 216
        10⤵
        
        PID:9152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
        9⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 236
        8⤵
        
        PID:4048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 236
        7⤵
        Program crash
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29182.exe
        6⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28758.exe
        7⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41809.exe
        8⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14030.exe
        9⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64217.exe
        10⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2871.exe
        11⤵
        
        PID:12732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10828 -s 216
        11⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8788 -s 236
        10⤵
        
        PID:11296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 216
        9⤵
        
        PID:9584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
        8⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 236
        7⤵
        
        PID:5192
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
        6⤵
        Program crash
        
        PID:3320
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 240
        5⤵
        Program crash
        
        PID:1896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18388.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32271.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42852.exe
        6⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54585.exe
        7⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55244.exe
        8⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10423.exe
        9⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
        10⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7388.exe
        11⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16442.exe
        12⤵
        
        PID:12308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 216
        11⤵
        
        PID:11404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
        10⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 236
        9⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
        8⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 216
        7⤵
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        6⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
        7⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49230.exe
        8⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3973.exe
        9⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
        10⤵
        
        PID:10780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 216
        10⤵
        
        PID:12104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 216
        9⤵
        
        PID:9564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
        8⤵
        
        PID:8164
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 240
        6⤵
        Program crash
        
        PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49629.exe
        5⤵
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9084.exe
        6⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9105.exe
        7⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5867.exe
        8⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4575.exe
        9⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7471.exe
        10⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29701.exe
        11⤵
        
        PID:12712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8508 -s 216
        10⤵
        
        PID:12172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 220
        9⤵
        
        PID:10008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 216
        8⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 216
        7⤵
        
        PID:6088
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 236
        6⤵
        Program crash
        
        PID:3904
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 240
        5⤵
        Program crash
        
        PID:2812
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
      4⤵
      Program crash
      PID:2136
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2000
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 240
  2⤵
  - Program crash
  PID:2720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10003.exe

Filesize
184KB

MD5
9cc6ca47c90c32a772ba090de42f9c97

SHA1
1c84e2091d5548d9f895b958dc912d3cd737cdb5

SHA256
d27c46f328e59fe74b1405e4dd867d7b7d6f52deef8912da9b2b3e44c8810a08

SHA512
cecd6609acb513b564969b5d7bc5a27dcce8479c14e291f26f63cdb59eda0a90b1a389370c331f18b7fb1e5774d2f78f4de221dcc025fa05f10e15b34fa6170d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10698.exe

Filesize
184KB

MD5
9a712bff055e322861f608b2f894b74e

SHA1
abf31ecaaa9560280606f7cda37b077d30f4216a

SHA256
24db6c3786a97d6d96fe865a88d19963ffd1fc47f57232d023c57d122b6a3646

SHA512
918f7522ff57b7b2e6b6a7bdae81b66ab2e7cdcd8cf9dbad3c98be0572498acad58f0bb0598f21b6fe6a2466a164c7a6cc2ad5e2555aa44841c94e3f9d490c64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22053.exe

Filesize
184KB

MD5
d8004ba5a37705ccb8415fce14ed2dff

SHA1
f1415763eb63411c83635b5063f6899360f2f07b

SHA256
aeba081c4b928ae7ddfc9e733e95ca54c273a09b7c39fc32d72acb5fd63adf8a

SHA512
834c7b9c9a16e1d47e8ca21167ff4bdc1ca66a389e88a57544cf6cb91b7fd2e58df25e274fc9eebdde55de9bc77ce328f27ded440b721f5d686592ef0f4fc376

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24108.exe

Filesize
184KB

MD5
55be8e70b4445cba3f86f1a482d9c327

SHA1
952ca1801b3818915be65ee5847010d21bfa1019

SHA256
accd7c2bb38849e582ff168d7675fbe9f9f164993fac058d7aebf7c76bca2bde

SHA512
17862ba2752d4473aa9fdd9e21665596f61fd75bd262cd0a8f44e9f64547e023f33db6c8d19e326db7fada68f5eac2ebdf40b6e028b752b0773a110d80d6dea8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28829.exe

Filesize
184KB

MD5
a57ff8c3791d358f7bef454e2035fb20

SHA1
2155ffb51aef67891151e36b1c053c926da05767

SHA256
17561e326f2f0358a94bcd3b28c60b8fedfb036630ef20e39b58a247c836fe4c

SHA512
2d66502d4a2b61f54a4a49974f5f4e6804cd52ff8a0baa967f6316d3db81096590b2a6f61c4fe7ca0c86cacfcd4b4e56ea09bc1c3d2b722d74a3224f2614e9ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40993.exe

Filesize
184KB

MD5
544587970ff40336f0a80bb38ecfba51

SHA1
61d53a5ba939bf56cff22157dc282e310a753785

SHA256
1d70842f68f5c198976bef5972af542219a2c1519eb4513ab777fb6fc8ebe453

SHA512
82af3af6e98a6e07b4f59dbe83c5cbcefa2f6d5f400ff5a2e5fbdf4fb80e5dca652e2c840c6f14bfe702584b082f40e3b8b3e9b67c36ef7934c11a4cba26d4af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4242.exe

Filesize
184KB

MD5
472309347804423d666b5c93a229617b

SHA1
00532943482a94520bf561da68b3bf11ef77ccd9

SHA256
d045c20590125f5f7f09b24dc7ee2164f6a34f1e9df729a14aa71d55ae2ac2c0

SHA512
a8940cbf32b2079c57c1cce6ef80d2f4978e16315105d3eff378c4e6d1c6cd48d1be15022270fb2f15ade41c9ebb2915964deaca367445f8abbf2aba4c6d6959

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48695.exe

Filesize
184KB

MD5
47982e51d67df0fcb02074c9f90f948a

SHA1
5109876f8113ae779e12d531c5a950112e12cf80

SHA256
d9722a1f3aac163a76d93bf0c99f7c5de73ab14e5a61cb850221453229a952b5

SHA512
5ab7c83047aa9ffa6e2276af36e5557dce30fa4b03e94e02335460126029d975d2692582b8b0fdce359aca49d3e68e475b835065c4d96d613ccb6631374b8753

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5436.exe

Filesize
184KB

MD5
85eeaec22723e8f08ed9a9ff4dc31c77

SHA1
f3628c36ee9af0129acbee2e7ba4adeb2bdecaa4

SHA256
e9a854a6506bdc1c913d41e888615fc58a887eae2dbaba96112e697894a72c0a

SHA512
18075ca8c88da3472ae6ac5f3b88a6c5dc15d2fbf3ddd878aaf18af136a8301176f7ead88c3e0ffc465a193b7d4afd89087a79993ff7a0a098a36b4c0e19c51b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58835.exe

Filesize
184KB

MD5
92c63b9c15f5002b68666ca41dca9be8

SHA1
257e3885f299a33ecaae5b75da76119019ade1b6

SHA256
921388c3a1668a30ba63138b8db472d7db81d7cd20752d42cc6094296ac5b5c5

SHA512
61cbdeab5d9dfa1192d8d3904b2acdaffacd512de443913974677aa8c1b0f1e106ef9e905a0db45fe2d00466437751e642ffa35cbd7b6a6f4b4c830ad7ce6224

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62487.exe

Filesize
184KB

MD5
c024de6c7f551b6fe37a1f9c0dd58862

SHA1
e1b30107a348534b04992a1cb1fb6fa073e55722

SHA256
b701c5b0311e987592ded1d1dcf87f35378850d6e47ed973d07a93ddc32caf1c

SHA512
e412c3b484805ee8d7344e9e2863fbe0c43966e8b2ad63593774d3f7d03b129e8cd408c4797420fb5fa170af31cbf5029a550679e645f2e52c69f99aa9e44235

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63640.exe

Filesize
184KB

MD5
cd7e65bcbd22cfb7b45f2ec9aee2f212

SHA1
2a5e67b2c0b97c76c1f11cad4274e203384f63fc

SHA256
d9ca8554e4014a93aeedd295c15d39f734823fc2de442908b3c5d88fa15afe85

SHA512
9c7dd6df983b50693a00b643b4c9bc77de64b3f6c84d86f3efcb1dcdd81ff9c6ef82973ea04928bd48fb09907013932697ccaeb33970a268b000b7816eb45503

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9676.exe

Filesize
184KB

MD5
68328208daca66a11546e320a2e82010

SHA1
fc67c386a50dc38717f4f9c59bb07e875359c34b

SHA256
2294b8e584dd4c9462eddfd2986ef9db92cf7ee1df0def371991848469009199

SHA512
0d8b1f3e2b0b0bd2a2277af1fdec14f6f2d469ea554298058df3e3203450009f3011fc75252d0b2179e264609e664dbdf5461b987c8cfc2f693d69307a4a4f9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9811.exe

Filesize
184KB

MD5
b0f0e62cf5fa72eceeebc7cc475fb564

SHA1
0b2d99b8879429e2d1ae15623725aa8b1f08f2e3

SHA256
7d36ec46a8ec1906cf18db1e42b6686adc108136ff8997321e15198cbcd51dc4

SHA512
adb06e2f053187ae7265d25d1123e0185856570315ef92657d0576bf103dc62658a685f222b7a234234e0cd49c896e7e747bff1fad654cea2b070cf966dc92ee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13884.exe

Filesize
184KB

MD5
7a6342606d89a89e009a4d8a516f9a93

SHA1
c030603e112230cb0f2c64e8aa8cd65a7ae92672

SHA256
20c0f60a7e66df989b12646e96a70819bf88e0868741397c266619d2b3384559

SHA512
7aa07adf1a673adba5f8d3ad7f941bb0e916a629424d3a5a6efe15deb6c5874f2cd6689671b5f86c94aa9c7aeafd349291912fa3754b4e5f8b044c701dac713f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21813.exe

Filesize
184KB

MD5
3f7690b279aa3970225f18a81556bdb1

SHA1
6ae242b3a42956d1acb3f866877d3fec0dbcf1b7

SHA256
9296118580645d77197a898b8abd30bbc465550eb022e353a6f6c5ba52393fd8

SHA512
f165fe27a7ad63ad9fe819b6346a182b7b8bec906b72b5367db581975c6e7bc7a2152c0e55619430367a98a17adf5a787429d4aeb2cb61ffad71687f5c342086

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34885.exe

Filesize
184KB

MD5
2efe567061073303861eee065f251761

SHA1
b4a087dbb7b6bd906f48f3a638934689861cf7a9

SHA256
8f810b19d44285a253e8a0f8a6b2bf30b423d5c65a0b65c293554af4488b458b

SHA512
0e4ee47adb7a23206f1c0ff52da76048f1d45241bbc47b15553b4b8f47cdc0655b47063016ef64ddba50e7c4c1fe503bec08d4c55542f4035dcbf518eb6a45bf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe

Filesize
184KB

MD5
4de6e9cb9c231b598ff4aa9c45f174d2

SHA1
722c1cbabcdd6f5302dca65e45d8e986051eed7d

SHA256
c967551bab763f177dbddc2b0fe88ef004209fa48a31d6bb9dce4eb38b51609c

SHA512
dbb3c3cd0243fe8c3a93869b373898a8997b885d0928c2e842be19ce1d5be2307b6c37febddc8e202c5009bcb42928037505ba74401838ceeb969ddb99035542

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49551.exe

Filesize
184KB

MD5
4a13c2e0bf03f08132fc70f4133b8102

SHA1
a55fbe0119ec557d7625139dd3b2ed40a5e2423b

SHA256
5b311a31b9728c8282c437556a263222c2c3ac2817d8c56525c33082d2547243

SHA512
626c3c812f8cfe91616577ee7be3af0491e2bdbfa086fd0d396214992878b9fb2340c7904f53f62f93b552815fb5c61e30eb0c3729bb0e6cb78707bdee0a2dc1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52561.exe

Filesize
184KB

MD5
238b93a02759022401bc05b9aacc5051

SHA1
0c3f7072153d70d16dd030dc06b4cced23bda502

SHA256
a05a367028c4e62e35d297e30a0885e9d32f3a85e5a7f46fd958be9ec4f71a16

SHA512
fd71c7b45fb6ab52f9121d8cce66a046a9cd8b2faabc755770c672865af3c1f7a40fe12b207b8079994acac56887c40427a3591fc1dcea648958b679ea82056e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58918.exe

Filesize
184KB

MD5
9c2163973b3631475aa479e2e842de12

SHA1
a06a8f03a2f0796e74204db946880dcd33288240

SHA256
4a6f486564d5be3ef915e3791edaf33ec6d0341d674f76b142e51b14b27d7967

SHA512
a973392d917e7ebce94192b2862a3603768042fefb38fb7473470b468977ee502fd94d6a7197d9eb4cde38f29eb575074985418eba0047df231d0791c5e00341

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads