67fe15d6a8b6d8bf68c562e6e62fb7915b0f048d08832a3e4d766a0a7c4351ef

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
29-05-2024 08:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4c5d32b672614f4655a727c06ff65c80_NeikiAnalytics.exe
Size

184KB
MD5

4c5d32b672614f4655a727c06ff65c80
SHA1

51346b55807042054880ff88eb85980109f4dce4
SHA256

67fe15d6a8b6d8bf68c562e6e62fb7915b0f048d08832a3e4d766a0a7c4351ef
SHA512

e668689ac2163ac2ad7c8725bbfed679dc871a05befedc711a9a41e2134058d5eaa61cd186b40cbd8a01e375fad0e4f491229e092aa0cc7eba15d79f3da5502b
SSDEEP

3072:G/7op7o37P6ZIHt3WENRxK8G9ln4ivvn3:G/KouOHtdR48G9ln4ivv

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1424	Unicorn-38231.exe
2608	Unicorn-55849.exe
1700	Unicorn-44152.exe
2756	Unicorn-51568.exe
2632	Unicorn-43208.exe
2688	Unicorn-39870.exe
348	Unicorn-43047.exe
1676	Unicorn-47878.exe
1956	Unicorn-23250.exe
2492	Unicorn-32487.exe
1788	Unicorn-28957.exe
2804	Unicorn-39233.exe
2172	Unicorn-47593.exe
2288	Unicorn-52424.exe
2896	Unicorn-39617.exe
2260	Unicorn-47785.exe
792	Unicorn-36087.exe
1488	Unicorn-64313.exe
580	Unicorn-52616.exe
984	Unicorn-50027.exe
1536	Unicorn-55927.exe
996	Unicorn-43312.exe
656	Unicorn-39782.exe
2124	Unicorn-59648.exe
1528	Unicorn-33800.exe
2464	Unicorn-22294.exe
852	Unicorn-58496.exe
2976	Unicorn-1127.exe
1756	Unicorn-63327.exe
1716	Unicorn-25824.exe
1588	Unicorn-22486.exe
3048	Unicorn-45650.exe
2768	Unicorn-33952.exe
2780	Unicorn-61986.exe
2616	Unicorn-5001.exe
2636	Unicorn-9640.exe
2960	Unicorn-52666.exe
2488	Unicorn-40968.exe
1836	Unicorn-3657.exe
756	Unicorn-61026.exe
1972	Unicorn-320.exe
352	Unicorn-9557.exe
3000	Unicorn-5110.exe
2320	Unicorn-37975.exe
1980	Unicorn-36173.exe
2816	Unicorn-15198.exe
1768	Unicorn-15198.exe
2928	Unicorn-31535.exe
2024	Unicorn-19837.exe
2300	Unicorn-48063.exe
2152	Unicorn-44534.exe
1764	Unicorn-16673.exe
1624	Unicorn-33009.exe
2076	Unicorn-21503.exe
3004	Unicorn-48193.exe
1728	Unicorn-11991.exe
1584	Unicorn-9464.exe
2064	Unicorn-58665.exe
2644	Unicorn-1296.exe
2764	Unicorn-35614.exe
2604	Unicorn-14679.exe
2292	Unicorn-51073.exe
548	Unicorn-54368.exe
1796	Unicorn-50606.exe

Loads dropped DLL 64 IoCs

pid	Process
1252	4c5d32b672614f4655a727c06ff65c80_NeikiAnalytics.exe
1252	4c5d32b672614f4655a727c06ff65c80_NeikiAnalytics.exe
1424	Unicorn-38231.exe
1252	4c5d32b672614f4655a727c06ff65c80_NeikiAnalytics.exe
1424	Unicorn-38231.exe
1252	4c5d32b672614f4655a727c06ff65c80_NeikiAnalytics.exe
1700	Unicorn-44152.exe
2608	Unicorn-55849.exe
1700	Unicorn-44152.exe
2608	Unicorn-55849.exe
1424	Unicorn-38231.exe
1424	Unicorn-38231.exe
2568	WerFault.exe
2568	WerFault.exe
2568	WerFault.exe
2568	WerFault.exe
2568	WerFault.exe
2756	Unicorn-51568.exe
2756	Unicorn-51568.exe
2608	Unicorn-55849.exe
2608	Unicorn-55849.exe
2688	Unicorn-39870.exe
2688	Unicorn-39870.exe
2632	Unicorn-43208.exe
2632	Unicorn-43208.exe
1700	Unicorn-44152.exe
1700	Unicorn-44152.exe
2184	WerFault.exe
2184	WerFault.exe
2184	WerFault.exe
2184	WerFault.exe
2436	WerFault.exe
2436	WerFault.exe
2436	WerFault.exe
2436	WerFault.exe
2436	WerFault.exe
2184	WerFault.exe
1676	Unicorn-47878.exe
1676	Unicorn-47878.exe
348	Unicorn-43047.exe
348	Unicorn-43047.exe
2756	Unicorn-51568.exe
2756	Unicorn-51568.exe
2492	Unicorn-32487.exe
2492	Unicorn-32487.exe
1788	Unicorn-28957.exe
1788	Unicorn-28957.exe
2632	Unicorn-43208.exe
2632	Unicorn-43208.exe
1956	Unicorn-23250.exe
1956	Unicorn-23250.exe
2688	Unicorn-39870.exe
2688	Unicorn-39870.exe
1576	WerFault.exe
1576	WerFault.exe
1576	WerFault.exe
1576	WerFault.exe
1576	WerFault.exe
1124	WerFault.exe
1124	WerFault.exe
1124	WerFault.exe
1124	WerFault.exe
1124	WerFault.exe
2340	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2668	1252	WerFault.exe	27
2568	1424	WerFault.exe	28
2184	1700	WerFault.exe	30
2436	2608	WerFault.exe	29
1576	2756	WerFault.exe	33
1124	2688	WerFault.exe	34
2340	2632	WerFault.exe	32
2700	1676	WerFault.exe	37
2428	348	WerFault.exe	36
2696	2492	WerFault.exe	39
2540	1788	WerFault.exe	40
2708	1956	WerFault.exe	38
3040	2804	WerFault.exe	43
2736	2288	WerFault.exe	45
828	2172	WerFault.exe	44
620	1488	WerFault.exe	49
1512	792	WerFault.exe	48
1420	2260	WerFault.exe	47
2120	2896	WerFault.exe	46
2088	580	WerFault.exe	50
2856	984	WerFault.exe	54
2868	1536	WerFault.exe	55
2580	996	WerFault.exe	56
896	2124	WerFault.exe	57
1568	656	WerFault.exe	58
2716	1528	WerFault.exe	59
760	2464	WerFault.exe	60
2108	852	WerFault.exe	61
788	1756	WerFault.exe	63
928	1716	WerFault.exe	64
820	1588	WerFault.exe	65
1604	2976	WerFault.exe	62
3280	2768	WerFault.exe	69
3292	3048	WerFault.exe	68
3312	2780	WerFault.exe	70
3572	2636	WerFault.exe	75
3612	2488	WerFault.exe	77
3604	352	WerFault.exe	81
3732	756	WerFault.exe	79
3748	2616	WerFault.exe	74
3776	1972	WerFault.exe	80
3800	2320	WerFault.exe	83
3832	2816	WerFault.exe	85
3996	2772	WerFault.exe	147
3724	2076	WerFault.exe	96
3904	1624	WerFault.exe	95
3896	1764	WerFault.exe	94
3972	1836	WerFault.exe	78
4024	2152	WerFault.exe	90
3192	2604	WerFault.exe	108
3276	548	WerFault.exe	110
3300	1948	WerFault.exe	112
3308	1368	WerFault.exe	122
3368	1980	WerFault.exe	84
3484	1768	WerFault.exe	86
3492	1476	WerFault.exe	121
3472	3068	WerFault.exe	125
3520	2292	WerFault.exe	109
3700	1028	WerFault.exe	124
3872	2168	WerFault.exe	114
3740	2612	WerFault.exe	117
3884	2264	WerFault.exe	118
3892	2992	WerFault.exe	126
3212	644	WerFault.exe	120

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1252	4c5d32b672614f4655a727c06ff65c80_NeikiAnalytics.exe
1424	Unicorn-38231.exe
2608	Unicorn-55849.exe
1700	Unicorn-44152.exe
2756	Unicorn-51568.exe
2632	Unicorn-43208.exe
2688	Unicorn-39870.exe
348	Unicorn-43047.exe
1676	Unicorn-47878.exe
2492	Unicorn-32487.exe
1956	Unicorn-23250.exe
1788	Unicorn-28957.exe
2804	Unicorn-39233.exe
2172	Unicorn-47593.exe
2288	Unicorn-52424.exe
1488	Unicorn-64313.exe
792	Unicorn-36087.exe
2896	Unicorn-39617.exe
2260	Unicorn-47785.exe
580	Unicorn-52616.exe
984	Unicorn-50027.exe
1536	Unicorn-55927.exe
996	Unicorn-43312.exe
2124	Unicorn-59648.exe
656	Unicorn-39782.exe
1528	Unicorn-33800.exe
2464	Unicorn-22294.exe
852	Unicorn-58496.exe
2976	Unicorn-1127.exe
1756	Unicorn-63327.exe
1716	Unicorn-25824.exe
1588	Unicorn-22486.exe
3048	Unicorn-45650.exe
2768	Unicorn-33952.exe
2780	Unicorn-61986.exe
2616	Unicorn-5001.exe
2636	Unicorn-9640.exe
2960	Unicorn-52666.exe
2488	Unicorn-40968.exe
1836	Unicorn-3657.exe
756	Unicorn-61026.exe
1972	Unicorn-320.exe
352	Unicorn-9557.exe
3000	Unicorn-5110.exe
2320	Unicorn-37975.exe
1980	Unicorn-36173.exe
2816	Unicorn-15198.exe
1768	Unicorn-15198.exe
2928	Unicorn-31535.exe
2300	Unicorn-48063.exe
2024	Unicorn-19837.exe
2152	Unicorn-44534.exe
1764	Unicorn-16673.exe
1624	Unicorn-33009.exe
2076	Unicorn-21503.exe
3004	Unicorn-48193.exe
1728	Unicorn-11991.exe
1584	Unicorn-9464.exe
2064	Unicorn-58665.exe
2644	Unicorn-1296.exe
2764	Unicorn-35614.exe
2604	Unicorn-14679.exe
2292	Unicorn-51073.exe
548	Unicorn-54368.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 1424	1252	4c5d32b672614f4655a727c06ff65c80_NeikiAnalytics.exe	28
PID 1252 wrote to memory of 1424	1252	4c5d32b672614f4655a727c06ff65c80_NeikiAnalytics.exe	28
PID 1252 wrote to memory of 1424	1252	4c5d32b672614f4655a727c06ff65c80_NeikiAnalytics.exe	28
PID 1252 wrote to memory of 1424	1252	4c5d32b672614f4655a727c06ff65c80_NeikiAnalytics.exe	28
PID 1424 wrote to memory of 2608	1424	Unicorn-38231.exe	29
PID 1424 wrote to memory of 2608	1424	Unicorn-38231.exe	29
PID 1424 wrote to memory of 2608	1424	Unicorn-38231.exe	29
PID 1424 wrote to memory of 2608	1424	Unicorn-38231.exe	29
PID 1252 wrote to memory of 1700	1252	4c5d32b672614f4655a727c06ff65c80_NeikiAnalytics.exe	30
PID 1252 wrote to memory of 1700	1252	4c5d32b672614f4655a727c06ff65c80_NeikiAnalytics.exe	30
PID 1252 wrote to memory of 1700	1252	4c5d32b672614f4655a727c06ff65c80_NeikiAnalytics.exe	30
PID 1252 wrote to memory of 1700	1252	4c5d32b672614f4655a727c06ff65c80_NeikiAnalytics.exe	30
PID 1252 wrote to memory of 2668	1252	4c5d32b672614f4655a727c06ff65c80_NeikiAnalytics.exe	31
PID 1252 wrote to memory of 2668	1252	4c5d32b672614f4655a727c06ff65c80_NeikiAnalytics.exe	31
PID 1252 wrote to memory of 2668	1252	4c5d32b672614f4655a727c06ff65c80_NeikiAnalytics.exe	31
PID 1252 wrote to memory of 2668	1252	4c5d32b672614f4655a727c06ff65c80_NeikiAnalytics.exe	31
PID 1700 wrote to memory of 2632	1700	Unicorn-44152.exe	32
PID 1700 wrote to memory of 2632	1700	Unicorn-44152.exe	32
PID 1700 wrote to memory of 2632	1700	Unicorn-44152.exe	32
PID 1700 wrote to memory of 2632	1700	Unicorn-44152.exe	32
PID 2608 wrote to memory of 2756	2608	Unicorn-55849.exe	33
PID 2608 wrote to memory of 2756	2608	Unicorn-55849.exe	33
PID 2608 wrote to memory of 2756	2608	Unicorn-55849.exe	33
PID 2608 wrote to memory of 2756	2608	Unicorn-55849.exe	33
PID 1424 wrote to memory of 2688	1424	Unicorn-38231.exe	34
PID 1424 wrote to memory of 2688	1424	Unicorn-38231.exe	34
PID 1424 wrote to memory of 2688	1424	Unicorn-38231.exe	34
PID 1424 wrote to memory of 2688	1424	Unicorn-38231.exe	34
PID 1424 wrote to memory of 2568	1424	Unicorn-38231.exe	35
PID 1424 wrote to memory of 2568	1424	Unicorn-38231.exe	35
PID 1424 wrote to memory of 2568	1424	Unicorn-38231.exe	35
PID 1424 wrote to memory of 2568	1424	Unicorn-38231.exe	35
PID 2756 wrote to memory of 348	2756	Unicorn-51568.exe	36
PID 2756 wrote to memory of 348	2756	Unicorn-51568.exe	36
PID 2756 wrote to memory of 348	2756	Unicorn-51568.exe	36
PID 2756 wrote to memory of 348	2756	Unicorn-51568.exe	36
PID 2608 wrote to memory of 1676	2608	Unicorn-55849.exe	37
PID 2608 wrote to memory of 1676	2608	Unicorn-55849.exe	37
PID 2608 wrote to memory of 1676	2608	Unicorn-55849.exe	37
PID 2608 wrote to memory of 1676	2608	Unicorn-55849.exe	37
PID 2688 wrote to memory of 1956	2688	Unicorn-39870.exe	38
PID 2688 wrote to memory of 1956	2688	Unicorn-39870.exe	38
PID 2688 wrote to memory of 1956	2688	Unicorn-39870.exe	38
PID 2688 wrote to memory of 1956	2688	Unicorn-39870.exe	38
PID 2632 wrote to memory of 2492	2632	Unicorn-43208.exe	39
PID 2632 wrote to memory of 2492	2632	Unicorn-43208.exe	39
PID 2632 wrote to memory of 2492	2632	Unicorn-43208.exe	39
PID 2632 wrote to memory of 2492	2632	Unicorn-43208.exe	39
PID 1700 wrote to memory of 1788	1700	Unicorn-44152.exe	40
PID 1700 wrote to memory of 1788	1700	Unicorn-44152.exe	40
PID 1700 wrote to memory of 1788	1700	Unicorn-44152.exe	40
PID 1700 wrote to memory of 1788	1700	Unicorn-44152.exe	40
PID 1700 wrote to memory of 2184	1700	Unicorn-44152.exe	41
PID 1700 wrote to memory of 2184	1700	Unicorn-44152.exe	41
PID 1700 wrote to memory of 2184	1700	Unicorn-44152.exe	41
PID 1700 wrote to memory of 2184	1700	Unicorn-44152.exe	41
PID 2608 wrote to memory of 2436	2608	Unicorn-55849.exe	42
PID 2608 wrote to memory of 2436	2608	Unicorn-55849.exe	42
PID 2608 wrote to memory of 2436	2608	Unicorn-55849.exe	42
PID 2608 wrote to memory of 2436	2608	Unicorn-55849.exe	42
PID 1676 wrote to memory of 2804	1676	Unicorn-47878.exe	43
PID 1676 wrote to memory of 2804	1676	Unicorn-47878.exe	43
PID 1676 wrote to memory of 2804	1676	Unicorn-47878.exe	43
PID 1676 wrote to memory of 2804	1676	Unicorn-47878.exe	43

C:\Users\Admin\AppData\Local\Temp\4c5d32b672614f4655a727c06ff65c80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4c5d32b672614f4655a727c06ff65c80_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38231.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38231.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55849.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55849.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51568.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43047.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47593.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59648.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52666.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50606.exe
        9⤵
        Executes dropped EXE
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
        10⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1307.exe
        11⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10233.exe
        12⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28805.exe
        13⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19525.exe
        14⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16400.exe
        15⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8796 -s 216
        14⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 216
        13⤵
        
        PID:9496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 216
        12⤵
        
        PID:7116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
        11⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 216
        10⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
        9⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45661.exe
        10⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28555.exe
        11⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26631.exe
        12⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34429.exe
        13⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9124 -s 216
        13⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 216
        12⤵
        
        PID:10052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
        11⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 216
        10⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 220
        9⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55437.exe
        8⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39693.exe
        9⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50326.exe
        10⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4369.exe
        11⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61093.exe
        12⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52773.exe
        13⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35102.exe
        14⤵
        
        PID:12752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11144 -s 236
        14⤵
        
        PID:12852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8708 -s 216
        13⤵
        
        PID:11376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
        11⤵
        
        PID:4036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 216
        10⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 216
        9⤵
        Program crash
        
        PID:3300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
        8⤵
        Program crash
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40968.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13543.exe
        9⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21799.exe
        10⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25117.exe
        11⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
        12⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20760.exe
        13⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49072.exe
        14⤵
        
        PID:12312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 216
        12⤵
        
        PID:9448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
        11⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7077.exe
        9⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5417.exe
        10⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4351.exe
        11⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29.exe
        12⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25903.exe
        13⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7053.exe
        14⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9160 -s 216
        13⤵
        
        PID:11996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6432 -s 216
        12⤵
        
        PID:1332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 220
        11⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 216
        10⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
        9⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        8⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59423.exe
        9⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27845.exe
        10⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17860.exe
        11⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49363.exe
        12⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37525.exe
        13⤵
        
        PID:11988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9744 -s 216
        13⤵
        
        PID:12508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 216
        12⤵
        
        PID:10644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
        11⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
        10⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 236
        9⤵
        
        PID:4948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
        8⤵
        Program crash
        
        PID:3612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
        7⤵
        Program crash
        
        PID:828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39782.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3657.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34462.exe
        8⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15380.exe
        9⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37109.exe
        10⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27730.exe
        11⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29355.exe
        12⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44579.exe
        13⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54521.exe
        14⤵
        
        PID:7316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9024 -s 216
        13⤵
        
        PID:11672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 216
        12⤵
        
        PID:10004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 216
        11⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 216
        10⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 216
        9⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
        8⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34312.exe
        9⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61847.exe
        10⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53200.exe
        11⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18643.exe
        12⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14531.exe
        13⤵
        
        PID:12912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8992 -s 216
        12⤵
        
        PID:11856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 216
        11⤵
        
        PID:9904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 236
        10⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 216
        9⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 240
        8⤵
        Program crash
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47461.exe
        7⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17109.exe
        8⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6356.exe
        9⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44808.exe
        10⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
        11⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35638.exe
        12⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48548.exe
        13⤵
        
        PID:13032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8852 -s 216
        12⤵
        
        PID:12096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 216
        11⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 216
        10⤵
        
        PID:7808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 216
        9⤵
        
        PID:5684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 216
        8⤵
        
        PID:4164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 656 -s 240
        7⤵
        Program crash
        
        PID:1568
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 240
        6⤵
        Program crash
        
        PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52424.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43312.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51073.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31141.exe
        9⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42511.exe
        10⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25812.exe
        11⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57543.exe
        12⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57972.exe
        13⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2792.exe
        14⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9776 -s 216
        14⤵
        
        PID:12992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 236
        13⤵
        
        PID:10892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
        12⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
        11⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 236
        10⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17466.exe
        9⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        10⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17533.exe
        11⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29163.exe
        12⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
        13⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46462.exe
        14⤵
        
        PID:8080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8384 -s 216
        13⤵
        
        PID:11520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 220
        12⤵
        
        PID:10168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
        11⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
        10⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
        9⤵
        Program crash
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44140.exe
        8⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23217.exe
        9⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-783.exe
        10⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13158.exe
        11⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36162.exe
        12⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17723.exe
        13⤵
        
        PID:12568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11004 -s 236
        13⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8396 -s 216
        12⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
        11⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 236
        10⤵
        
        PID:6788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 216
        9⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
        8⤵
        Program crash
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54368.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39693.exe
        8⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48318.exe
        9⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20130.exe
        10⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44456.exe
        11⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43147.exe
        12⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13488.exe
        13⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8920 -s 216
        12⤵
        
        PID:11940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
        11⤵
        
        PID:9808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
        10⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 236
        9⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 216
        8⤵
        Program crash
        
        PID:3276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 240
        7⤵
        Program crash
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9640.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
        8⤵
        
        PID:2772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 244
        9⤵
        Program crash
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56086.exe
        8⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28578.exe
        9⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35156.exe
        10⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16691.exe
        11⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20997.exe
        12⤵
        
        PID:11620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9784 -s 216
        12⤵
        
        PID:12500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 216
        11⤵
        
        PID:10652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
        10⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 236
        9⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 240
        8⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51047.exe
        7⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26559.exe
        8⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14316.exe
        8⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50560.exe
        9⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        10⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52306.exe
        11⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16265.exe
        12⤵
        
        PID:12916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10976 -s 236
        12⤵
        
        PID:13108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
        10⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 236
        9⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 220
        8⤵
        
        PID:5180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
        7⤵
        Program crash
        
        PID:3572
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
        6⤵
        Program crash
        
        PID:2736
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47878.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39233.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50027.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45650.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33009.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31888.exe
        9⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28074.exe
        10⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15755.exe
        11⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44066.exe
        12⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29163.exe
        13⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44688.exe
        14⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65299.exe
        15⤵
        
        PID:12480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8416 -s 220
        14⤵
        
        PID:11496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 220
        13⤵
        
        PID:10176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 216
        12⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 236
        11⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61618.exe
        10⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59717.exe
        11⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53750.exe
        12⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25166.exe
        13⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14723.exe
        14⤵
        
        PID:12956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8728 -s 220
        13⤵
        
        PID:12004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 216
        12⤵
        
        PID:9328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
        11⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 240
        10⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41072.exe
        9⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34011.exe
        10⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8759.exe
        11⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56303.exe
        12⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43370.exe
        13⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25227.exe
        14⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8492 -s 216
        13⤵
        
        PID:11100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
        12⤵
        
        PID:9224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
        11⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 236
        10⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 220
        9⤵
        Program crash
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16729.exe
        8⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26367.exe
        9⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37192.exe
        10⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53168.exe
        11⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37108.exe
        12⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43972.exe
        13⤵
        
        PID:11168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8604 -s 220
        13⤵
        
        PID:11596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 220
        12⤵
        
        PID:10076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
        11⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 236
        10⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
        9⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
        8⤵
        Program crash
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21503.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30408.exe
        8⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31982.exe
        9⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44250.exe
        10⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53117.exe
        11⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43453.exe
        12⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62829.exe
        13⤵
        
        PID:13204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8760 -s 216
        12⤵
        
        PID:10344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 216
        11⤵
        
        PID:9464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
        10⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
        9⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 216
        8⤵
        Program crash
        
        PID:3724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 240
        7⤵
        Program crash
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33952.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16673.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14975.exe
        8⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9625.exe
        9⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34203.exe
        10⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36850.exe
        11⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20144.exe
        12⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19525.exe
        13⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14557.exe
        14⤵
        
        PID:12700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
        12⤵
        
        PID:9820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
        11⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 236
        10⤵
        
        PID:5592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 236
        9⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
        8⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9506.exe
        9⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51165.exe
        10⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44456.exe
        11⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36328.exe
        12⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39560.exe
        13⤵
        
        PID:12296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8912 -s 220
        12⤵
        
        PID:11512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 216
        11⤵
        
        PID:9844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
        10⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
        9⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
        8⤵
        Program crash
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36142.exe
        7⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26154.exe
        8⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
        9⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14182.exe
        10⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12634.exe
        11⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
        12⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63405.exe
        13⤵
        
        PID:13116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9208 -s 216
        12⤵
        
        PID:11836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 216
        11⤵
        
        PID:10116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
        10⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
        9⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 236
        8⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
        7⤵
        Program crash
        
        PID:3280
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
        6⤵
        Program crash
        
        PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55927.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61986.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48193.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13351.exe
        8⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51255.exe
        9⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63746.exe
        10⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
        11⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61689.exe
        11⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57173.exe
        12⤵
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37437.exe
        13⤵
        
        PID:12432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10336 -s 216
        13⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 236
        12⤵
        
        PID:10396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 220
        11⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 236
        9⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7077.exe
        8⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
        9⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 220
        10⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 236
        9⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
        8⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10014.exe
        7⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10414.exe
        8⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61634.exe
        9⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11144.exe
        10⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59936.exe
        11⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44349.exe
        12⤵
        
        PID:11908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9664 -s 236
        12⤵
        
        PID:12468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
        11⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
        10⤵
        
        PID:8284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
        9⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 236
        8⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
        7⤵
        Program crash
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11991.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38048.exe
        7⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22676.exe
        8⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9849.exe
        9⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61093.exe
        10⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4257.exe
        11⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39560.exe
        12⤵
        
        PID:13308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8720 -s 216
        11⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
        10⤵
        
        PID:9432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
        9⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 216
        8⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56086.exe
        7⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47711.exe
        8⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63383.exe
        9⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2463.exe
        10⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1730.exe
        11⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61519.exe
        12⤵
        
        PID:13232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8876 -s 216
        11⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 216
        10⤵
        
        PID:9672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 216
        9⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        8⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
        7⤵
        
        PID:4448
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
        6⤵
        Program crash
        
        PID:2868
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
        5⤵
        Program crash
        
        PID:2700
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39870.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39870.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23250.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33800.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61026.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35614.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22973.exe
        9⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10715.exe
        10⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45682.exe
        11⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-864.exe
        12⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50515.exe
        13⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64307.exe
        14⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57987.exe
        15⤵
        
        PID:12676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 236
        15⤵
        
        PID:12612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9964 -s 220
        14⤵
        
        PID:12412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 236
        13⤵
        
        PID:10740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
        12⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
        11⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 236
        10⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7186.exe
        9⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1198.exe
        10⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34995.exe
        11⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43465.exe
        12⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11600.exe
        13⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18107.exe
        14⤵
        
        PID:12604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11104 -s 236
        14⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8332 -s 220
        13⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 220
        12⤵
        
        PID:10028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 216
        11⤵
        
        PID:7928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
        10⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 220
        9⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44140.exe
        8⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27244.exe
        9⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe
        10⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26521.exe
        11⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24859.exe
        12⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14255.exe
        13⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9920 -s 216
        13⤵
        
        PID:12548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 216
        12⤵
        
        PID:10716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
        11⤵
        
        PID:2484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 236
        9⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 240
        8⤵
        Program crash
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14679.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16149.exe
        8⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        9⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65007.exe
        10⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17668.exe
        11⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56763.exe
        12⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62496.exe
        13⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9912 -s 216
        13⤵
        
        PID:12636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
        12⤵
        
        PID:10708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
        11⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
        10⤵
        
        PID:6780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 236
        9⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13901.exe
        8⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9999.exe
        9⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9172.exe
        10⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45883.exe
        11⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18643.exe
        12⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14427.exe
        13⤵
        
        PID:12944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11080 -s 236
        13⤵
        
        PID:13200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9036 -s 216
        12⤵
        
        PID:11888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 216
        11⤵
        
        PID:9988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
        10⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
        9⤵
        
        PID:5808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
        8⤵
        Program crash
        
        PID:3192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
        7⤵
        Program crash
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-320.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-694.exe
        7⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34727.exe
        8⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55557.exe
        9⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4242.exe
        10⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32770.exe
        11⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47112.exe
        12⤵
        
        PID:10368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8768 -s 216
        12⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
        11⤵
        
        PID:10284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 220
        10⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
        9⤵
        
        PID:5696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 236
        8⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 236
        7⤵
        Program crash
        
        PID:3776
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 240
        6⤵
        Program crash
        
        PID:620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22294.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5110.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
        7⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1841.exe
        8⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56102.exe
        9⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58557.exe
        10⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7864.exe
        10⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55094.exe
        11⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18643.exe
        12⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26818.exe
        13⤵
        
        PID:13296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8672 -s 216
        12⤵
        
        PID:11848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 216
        11⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 240
        10⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 236
        9⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 236
        8⤵
        Program crash
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23008.exe
        7⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6548.exe
        8⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27045.exe
        9⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3807.exe
        10⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20843.exe
        11⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29280.exe
        12⤵
        
        PID:13240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8972 -s 216
        11⤵
        
        PID:11528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 220
        10⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
        9⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 216
        8⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
        7⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47845.exe
        6⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23714.exe
        7⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5718.exe
        8⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13.exe
        9⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57466.exe
        10⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7423.exe
        11⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55927.exe
        12⤵
        
        PID:13008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 236
        12⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8480 -s 216
        11⤵
        
        PID:6496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 216
        10⤵
        
        PID:10300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 216
        9⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
        8⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 216
        7⤵
        
        PID:4912
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
        6⤵
        Program crash
        
        PID:760
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 240
        5⤵
        Program crash
        
        PID:2708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52616.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25824.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15198.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34654.exe
        7⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33445.exe
        8⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19320.exe
        9⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47815.exe
        10⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3807.exe
        11⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27003.exe
        12⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        13⤵
        
        PID:12808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11120 -s 236
        13⤵
        
        PID:12896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8964 -s 204
        12⤵
        
        PID:11920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 216
        11⤵
        
        PID:9836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 236
        10⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 236
        9⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 216
        8⤵
        Program crash
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23008.exe
        7⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45360.exe
        8⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23956.exe
        9⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33429.exe
        10⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8549.exe
        11⤵
        
        PID:11636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9272 -s 236
        11⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 216
        10⤵
        
        PID:10404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
        9⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 216
        8⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
        7⤵
        Program crash
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47653.exe
        6⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33637.exe
        7⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12495.exe
        8⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
        9⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3911.exe
        10⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31282.exe
        11⤵
        
        PID:5708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9600 -s 236
        11⤵
        
        PID:12384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 216
        10⤵
        
        PID:10552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 220
        9⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
        8⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 644 -s 236
        7⤵
        Program crash
        
        PID:3212
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
        6⤵
        Program crash
        
        PID:928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19837.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51182.exe
        6⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15380.exe
        7⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61312.exe
        8⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4369.exe
        9⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36205.exe
        10⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46608.exe
        11⤵
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47261.exe
        12⤵
        
        PID:13144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8856 -s 216
        11⤵
        
        PID:11544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 216
        10⤵
        
        PID:9624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
        9⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 236
        8⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 236
        7⤵
        Program crash
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
        6⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44400.exe
        7⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61995.exe
        8⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19812.exe
        9⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9291.exe
        10⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55045.exe
        11⤵
        
        PID:13088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8848 -s 216
        10⤵
        
        PID:11648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 236
        9⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
        8⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 216
        7⤵
        
        PID:6128
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
        6⤵
        
        PID:3144
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 240
        5⤵
        Program crash
        
        PID:2088
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1124
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2568
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44152.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44152.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43208.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32487.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9557.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1296.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4031.exe
        8⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59423.exe
        9⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47197.exe
        10⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8181.exe
        11⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26631.exe
        12⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43749.exe
        13⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9064 -s 216
        13⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 216
        12⤵
        
        PID:1376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
        11⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 236
        10⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 216
        9⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6885.exe
        8⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31074.exe
        9⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3443.exe
        10⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17158.exe
        11⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54328.exe
        12⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10032 -s 216
        12⤵
        
        PID:12628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6500 -s 216
        11⤵
        
        PID:10772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 216
        10⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
        9⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
        8⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49895.exe
        7⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43279.exe
        8⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48863.exe
        9⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28555.exe
        10⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41597.exe
        11⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63640.exe
        12⤵
        
        PID:11292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9308 -s 236
        12⤵
        
        PID:12240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
        10⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
        9⤵
        
        PID:6852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 236
        8⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 240
        7⤵
        Program crash
        
        PID:3604
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 236
        6⤵
        Program crash
        
        PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22486.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31535.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59350.exe
        7⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
        8⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
        9⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18685.exe
        10⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55312.exe
        11⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32950.exe
        12⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33727.exe
        13⤵
        
        PID:13024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 204
        12⤵
        
        PID:12044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 216
        11⤵
        
        PID:10012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
        10⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 236
        9⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 236
        8⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54996.exe
        7⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
        8⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17533.exe
        9⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
        10⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8829.exe
        11⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5512.exe
        12⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9152 -s 220
        11⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 216
        10⤵
        
        PID:10064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
        9⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
        8⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
        7⤵
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63989.exe
        6⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47861.exe
        7⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34587.exe
        8⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52509.exe
        9⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20419.exe
        10⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44688.exe
        11⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51137.exe
        12⤵
        
        PID:12884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10900 -s 236
        12⤵
        
        PID:8544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9112 -s 220
        11⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 216
        10⤵
        
        PID:10104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 220
        9⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 216
        8⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 236
        7⤵
        Program crash
        
        PID:3308
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
        6⤵
        Program crash
        
        PID:820
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
        5⤵
        Program crash
        
        PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36087.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58496.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37975.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
        7⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33445.exe
        8⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45168.exe
        9⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20963.exe
        10⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13070.exe
        11⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1206.exe
        12⤵
        
        PID:10508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9076 -s 220
        12⤵
        
        PID:12060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 216
        11⤵
        
        PID:10236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
        10⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
        9⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 216
        8⤵
        Program crash
        
        PID:3872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 236
        7⤵
        Program crash
        
        PID:3800
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 236
        6⤵
        Program crash
        
        PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36173.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34846.exe
        6⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33445.exe
        7⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
        8⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6014.exe
        9⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
        10⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37755.exe
        11⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
        12⤵
        
        PID:13060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9164 -s 216
        11⤵
        
        PID:11612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 216
        10⤵
        
        PID:10056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
        9⤵
        
        PID:7384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 236
        8⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 216
        7⤵
        Program crash
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62972.exe
        6⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20664.exe
        7⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17533.exe
        8⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45883.exe
        9⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7303.exe
        10⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50011.exe
        11⤵
        
        PID:12712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 236
        11⤵
        
        PID:8136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9044 -s 216
        10⤵
        
        PID:11396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6736 -s 216
        9⤵
        
        PID:9996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
        8⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 216
        7⤵
        
        PID:6016
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 220
        6⤵
        Program crash
        
        PID:3368
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 240
        5⤵
        Program crash
        
        PID:1512
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28957.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28957.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47785.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1127.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48063.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18126.exe
        7⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33445.exe
        8⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55557.exe
        9⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-612.exe
        10⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60418.exe
        11⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60142.exe
        12⤵
        
        PID:11220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8564 -s 216
        12⤵
        
        PID:12120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
        11⤵
        
        PID:10228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 236
        10⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 216
        9⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 216
        8⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62972.exe
        7⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14716.exe
        8⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36832.exe
        9⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37139.exe
        10⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18643.exe
        11⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44422.exe
        12⤵
        
        PID:12836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11028 -s 236
        12⤵
        
        PID:12980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9180 -s 216
        11⤵
        
        PID:11896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6224 -s 216
        10⤵
        
        PID:10084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
        9⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 216
        8⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
        7⤵
        
        PID:4352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22956.exe
        6⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33445.exe
        7⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25438.exe
        8⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4177.exe
        9⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14476.exe
        10⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28269.exe
        11⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14557.exe
        12⤵
        
        PID:12732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8680 -s 216
        11⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 216
        10⤵
        
        PID:9420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 236
        8⤵
        
        PID:5336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 216
        7⤵
        Program crash
        
        PID:3884
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
        6⤵
        Program crash
        
        PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44534.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34846.exe
        6⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41997.exe
        7⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59200.exe
        8⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20304.exe
        9⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18961.exe
        10⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3432.exe
        11⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23224.exe
        12⤵
        
        PID:13280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9104 -s 220
        11⤵
        
        PID:11312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 216
        10⤵
        
        PID:9944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
        9⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
        8⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 236
        7⤵
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38467.exe
        6⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59392.exe
        7⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33840.exe
        8⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48519.exe
        9⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51346.exe
        10⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55621.exe
        11⤵
        
        PID:13172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8556 -s 216
        10⤵
        
        PID:11256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 236
        9⤵
        
        PID:9236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 236
        8⤵
        
        PID:7100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
        7⤵
        
        PID:5268
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
        6⤵
        Program crash
        
        PID:4024
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 240
        5⤵
        Program crash
        
        PID:1420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63327.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15198.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1981.exe
        6⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
        7⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59008.exe
        8⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25893.exe
        9⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36205.exe
        10⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54501.exe
        11⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38844.exe
        12⤵
        
        PID:12880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8864 -s 216
        11⤵
        
        PID:11488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 216
        10⤵
        
        PID:9632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 220
        9⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 216
        8⤵
        
        PID:5784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 216
        7⤵
        Program crash
        
        PID:3492
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 236
        6⤵
        Program crash
        
        PID:3832
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 236
        5⤵
        Program crash
        
        PID:788
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
      4⤵
      Program crash
      PID:2540
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2184
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 240
  2⤵
  - Program crash
  PID:2668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12634.exe

Filesize
184KB

MD5
37310e25e2c88a3134a101d594b47be8

SHA1
58f41bb635ccffa807b2c4b01d9c26454557fcca

SHA256
3122974fb652ba0abb48e99f457cb779ebc4938b571b451b3b9b367389b68ee2

SHA512
3b78ad704055e0b4332030f280b27f79b1514282653ba6de083749b919e613a3c5d2faac295cb8d002886f44598fe7186af4e77f22b4a93876297f03572da755

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23250.exe

Filesize
184KB

MD5
574b50cca86006c20ebef844470d8e5c

SHA1
4262416970ec83e5990996be6c3c9dea72e9e66a

SHA256
12e7aee81f18aafa9f92761fa7a12aed33159ce1e59b6e1fc7445716cb43c48b

SHA512
56339ccd3e2be899d356cd64fd85a7e9b336a6c5c54afb26634fc80c281c3d655c4e012a30cdf7f6d9de755cb1a1524d6caad6b4c23bdf0e54e6eb7dc70d0411

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27045.exe

Filesize
184KB

MD5
80825060d34f268fbad5a2914e7dffaa

SHA1
7478a30f325980aad98777c97a3d4e03bdd1845a

SHA256
9601eb8329d3fab71b6cd26c3940646924fe2744a4dd09f572154b040ab017b6

SHA512
2f6ea00ec78a04f8378d66eb1e35cf51783bba55134ff06de2759d93552d2082bc8fc0d292c7e4ac4ea8d015bb3029236ffdd2ac2e4dfe621804029d623c10dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28957.exe

Filesize
184KB

MD5
ffa3b688228fac98beee3bcd723d3ba2

SHA1
448319cc404c84a5129ee2a97559d10e2e4533bd

SHA256
dcdda822105b67e5406b8290ddc5870fec4c9b537586568b76f608a525e82dad

SHA512
a2f30f75237f600391b31c56f15000b28bdf35073214d17b95c61be47ebbee40a0cd5a35a49fa89c54afdb28e2bf4ff1ae618dc059a8916df5dbefa61d3c8e1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32487.exe

Filesize
184KB

MD5
a77c5cdf2c17b3f021777e7525c3b8b5

SHA1
476feca15513dfeae69201b5b1878b4392ddd04e

SHA256
3e29c22d0e845c1244d40f98ed135322ed18dc5f8f022413c596de651782aaa4

SHA512
674f5dd070965123c67e27ef81bb1c3afad169890b4dedf671326cfbbf589d429f30efa753df3a6a015cf82ad618231e67c0b2847d6e28eb3b733a5bfc2be1d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34587.exe

Filesize
184KB

MD5
651adb9253ec0c213bcc163acea14353

SHA1
3aa51b1dd3871869ae16be22737791a5d2405c1b

SHA256
c15b5daceab775efcf2990860ff54a5fe3019cae424ac47b9c660e518b8d401a

SHA512
e20e432a8b0fe4ab4ba0ca9992581d1867731a9d3e64cc26a5dfea0f9d45f742915b3a1b33702e8d9bc95087c191d0f9d104852b93fbeebb1837556b4a949823

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36328.exe

Filesize
184KB

MD5
eaf3f6256de5fc2f4b9cb381e6418ce5

SHA1
24b803949a76465eca87bcc293497fdcc50bfaf8

SHA256
9cf37adf123b60fba69117dda4aa952345b8cff41637d3d4511771b37684b2a1

SHA512
5c873ff3aa4bdef320dbe53badea301eb3e091a7ec1b4bbc34910b66e38a80218570c608064cb76cd00e18340334c9f0e889d615b9e032928e13995608e8a3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36850.exe

Filesize
184KB

MD5
16cb76ed12ecc4c959281cf683d6de44

SHA1
517f441d5cab595769a61d07c3c6a8d988f6eb92

SHA256
4611cb4d701f7014b8c7b6242c056c2a85235271621786b9a33471c93e4c217c

SHA512
9a5e4d7674bdd9a1287707e4acca00fb0ed2cf0029517b5127f8f406f2f4d13fd1afc685f4b7d9afe6ff604ce85b0cd5cb6e93119260c17c6b307a5dd1559863

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4177.exe

Filesize
184KB

MD5
a46aad32ee00ccdd4cd76462b34820b3

SHA1
5c6c6871c10ec44a9b7338fb77a8e4496b61e7ba

SHA256
06ca60ba1a65608b7c9a01b5ca8a46c1c58231b8d9554c01df1538a3b72f57ae

SHA512
d48786a3e541a82205ee984332626adcfc18e7249f3bd11b064d9b4293dd0b77c84b4386d4cdc6beec6217a37cdb56d685aa98a6843094fd71668ac711c2fdff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51568.exe

Filesize
184KB

MD5
bb421f94fe12f4896e930254383cbe1f

SHA1
7a0c5292f812872133f1bed62534805e791ef354

SHA256
1b1efae63d403357e0bee02225f0bf9eb15709c23eb2c4fec9d08e87c06fc190

SHA512
c65c758db89d4e91f552fdbdbeefd825c930d12b680be50724f1e98187bf13eaa54d4b5e7b8a4693758b4a2cd63d9fe0a123e75ccc6892019a01e1af1f77b9f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59717.exe

Filesize
184KB

MD5
c995172f94d6f6215befa33c3231bb2f

SHA1
123a3b6030b870b4f8c20137bba1e0def58862bf

SHA256
26b8859672a805c45265f73775bf1e7b8bff0854b898b86b0d0ff3e369779e8a

SHA512
00dda450320b08386b2120d8aa4c143935fd4cc57fbf044ae65807230a7103baf265007d7edf3037265a4ea5a6a90e49f5e0a2b0ee719d49c061484c837ffa50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64307.exe

Filesize
184KB

MD5
7dad8452d7e85c69d03c70f03135bc74

SHA1
354c72226d6324eba29168208626931cfaa2dfa5

SHA256
30b6ba582ae1812cd174f00f01a44600244a507d14f9f8fdcbc769850f136843

SHA512
079fe7864cb599482d3f0b3d308d29c0b41485923fb69ad0bfbe4b163be5a652f72a9f69da60eeab83dcde08acc668e8d2822ade0342418f6f44699d73bbe04f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38231.exe

Filesize
184KB

MD5
23a64196ec17677986ab0db927c8edd8

SHA1
ae29897b9eae713b4149e442ea0e22107367ca4a

SHA256
47a08235a08ecef3db0a54827c58a7d6dbeff0478fac966ce3c14f12a8496b53

SHA512
b2ec9944f427d7a4b4f0950f60fe00b14e9e434acee2631bd09b55362f2506fe3b2864a2b28a1d64496ced619dd5c13b8c2d083d53e306b61ee035962f47dd00

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39233.exe

Filesize
184KB

MD5
d3c08498ef6226a9ac7b8dcbe97bf9c0

SHA1
2b7c3b694e5bb9f8f79dcb24784c1749d5d6b5b5

SHA256
76946cda5c1e2d21d85d15ad7a8e5b8c4ef3b770b8cbb04b08654e3dee01cf8f

SHA512
5390a5ae545e476939eed4601c75a93c01adc518d8a1567a5d0ae4d512ec87e73166946db0429d9f461046235d27631feaa58126bf5ca8b2f9efc5591d691f59

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39870.exe

Filesize
184KB

MD5
d34aa19aa210feebb50c9bdb9cdabf70

SHA1
f7566bab8099a1b0ba075e1c01b0967df4310eee

SHA256
e6946aa29086e52bcc362eaff59e5d1cc31ec85d01e17c6c1b860d59e39956fd

SHA512
759273e51747c722481be24ce998f6df5983a368901e737b2a07c6d8820b35792f5590141467b41ba0220a793b425541680e8dc00e3a0b5d84e39118d0b13b66

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43047.exe

Filesize
184KB

MD5
7fa8b9e683cdee2404032898585b59ae

SHA1
7bf2dac86bff1b8279bc0df1d6d80e0b0b5d2ed0

SHA256
249474e56ff9bc3d6d04f76fe33d65b2091319f0e23c58c25b871d24f58843df

SHA512
1909f5c7d13715dc57895ca1e58a92c26c8d36ca03f7e57eaefd2289fdfe8f97bf97a4ed57113a3c10cb1a85560b5fb7e6c6bc67f67d5e70fe34db6c0004e2b0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43208.exe

Filesize
184KB

MD5
7d7fcdc5749237378d4d9c310460c2f2

SHA1
478cae22f4aaa7ec70367e2030ddb6915bf509cb

SHA256
57c91e8859050956bbc355501ce5e9002be00f0fc0a1ebb610b9bc90d4d89a6e

SHA512
c17235c67a0dbda0669bac7e7b98d0d364095c4476669f70f78102570fce4954b70997be101e344f5a89083fb690d8fc9b146fb5a21e2c8bb50ab4a39a15bd0f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44152.exe

Filesize
184KB

MD5
325e19bc485d0f9fe942265ddf2d049d

SHA1
a320b117640dfee93b8c331d7c4a1c398939c5fd

SHA256
0e072c8d387b9babdbfca48cab193e28b968e4b58e121b64394c969f7379b770

SHA512
e7451d5ba99bd6ea3e89dc344382a3c7745d3d18cb15a1425234e609cfa08a7b589dd6ebcad685347ab43c522bd70b36c4a592d438eb4acea5e083d6a766027c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47593.exe

Filesize
184KB

MD5
fe9c3252e3de5591197a760931e81bff

SHA1
60af71350be5f41f489679811d9f6171e75c5fd6

SHA256
12d9ad940e35161fd1a0eb72a54002f456c6efadc0519240e65be8af09edc47e

SHA512
f0d99aae495998241d93b16a117530e56a8b320add46a67f190da9d57f48f906c76a34f0aa4a8c326be2dca16b1d9526c8c81181f23b794e3ee5845182cc5476

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47878.exe

Filesize
184KB

MD5
5e0c59602140b94f29ea3e2ddf264bcc

SHA1
3f00bb8c6e3960b724ebd4dbd64bcf57f76eee07

SHA256
ca25ad37f108baee9895a607d9d315a1cc52683720064e7fb6430c1d7b128b80

SHA512
3de075eef3dff1b425b14bf4eadcc0b649613d76ccc0f5ca30b7d8fba815c1a5732e2026f6e6afd4eee9cca00724f1a29fadfd7b5bb2134e197a532c181464ca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52424.exe

Filesize
184KB

MD5
265ffa7013d932c483f2b1cf6bc61886

SHA1
4964a61cf82a091c165f29d52174e26f453a3f83

SHA256
ac94f8374ccbe2e3846a7789c15f4010b7ed8ce749d81eee4268885b43f0e6f9

SHA512
c0dbb4f8dda87f7d7a003786a1757ecbb0a75886c09b248115b2dbe7af6818a83b76531ce9040b5fe8858740159e31c9d7fb9e50e16fc51365f6e67f091d63e9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55849.exe

Filesize
184KB

MD5
98e0c6c78be247bfb223c2f7aa2c399f

SHA1
91b7ae32e25cc0787efed3c14206eb45705381c8

SHA256
ca889ddb88292a7c396b40708786fa73118a5f4a97f9b074fcdc77b9e79baec9

SHA512
f9906638775bb63031916ec1dbbbf9cb484318dbcc406919c35a51cd8565ab201defb6d113de142f95034baae85df5d4f6c4175709ed2dbc14f42c6ce5c1d9ed

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads