96df2d4f4f4a854ae50ef059909b0a91b813918da98bd11f04f3279a1c0e5fbd

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 01:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5f19173e3a7b92a6d9d221070b5494a0_NeikiAnalytics.exe
Size

184KB
MD5

5f19173e3a7b92a6d9d221070b5494a0
SHA1

f24739499384840e85652abbd7d8aee99ecf1888
SHA256

96df2d4f4f4a854ae50ef059909b0a91b813918da98bd11f04f3279a1c0e5fbd
SHA512

3023e8e122922d850c1d2aaa44d2309e1676880f6a6c43e31f0db723820ee453cf27dbee50f5dce1b6bd2ddee08153227392c8535555269377fa3d152b612467
SSDEEP

3072:HZhXBso52JEUdWu3eWeLRXsktlnViF+n3:HZYo1QWuIL9sktlnViF+

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1680	Unicorn-42745.exe
2644	Unicorn-19640.exe
844	Unicorn-5368.exe
2732	Unicorn-50548.exe
1720	Unicorn-46142.exe
2516	Unicorn-5151.exe
1832	Unicorn-39926.exe
2696	Unicorn-35519.exe
1664	Unicorn-55385.exe
1844	Unicorn-1911.exe
2112	Unicorn-47931.exe
2820	Unicorn-375.exe
1748	Unicorn-61122.exe
2560	Unicorn-30587.exe
2772	Unicorn-21440.exe
780	Unicorn-3712.exe
2788	Unicorn-64221.exe
1800	Unicorn-44356.exe
2428	Unicorn-16474.exe
2100	Unicorn-49338.exe
1500	Unicorn-16666.exe
2016	Unicorn-62913.exe
1032	Unicorn-31583.exe
1244	Unicorn-62371.exe
2964	Unicorn-16700.exe
1148	Unicorn-40924.exe
2032	Unicorn-39039.exe
2904	Unicorn-58905.exe
1592	Unicorn-41884.exe
1728	Unicorn-21826.exe
2068	Unicorn-6715.exe
2376	Unicorn-54525.exe
2572	Unicorn-8853.exe
2680	Unicorn-4063.exe
2656	Unicorn-39388.exe
2928	Unicorn-65470.exe
1868	Unicorn-33182.exe
1808	Unicorn-13316.exe
2824	Unicorn-32990.exe
2024	Unicorn-28583.exe
2136	Unicorn-64126.exe
304	Unicorn-31454.exe
2916	Unicorn-50431.exe
1624	Unicorn-4759.exe
1616	Unicorn-50239.exe
1684	Unicorn-20027.exe
2912	Unicorn-18142.exe
1792	Unicorn-38008.exe
1140	Unicorn-20987.exe
828	Unicorn-20795.exe
692	Unicorn-18910.exe
1036	Unicorn-18910.exe
444	Unicorn-38776.exe
2436	Unicorn-38776.exe
2004	Unicorn-18718.exe
2856	Unicorn-38584.exe
2892	Unicorn-25440.exe
1672	Unicorn-53156.exe
2652	Unicorn-22900.exe
2580	Unicorn-55572.exe
2728	Unicorn-36055.exe
2936	Unicorn-49246.exe
2696	Unicorn-3382.exe
372	Unicorn-1306.exe

Loads dropped DLL 64 IoCs

pid	Process
1276	5f19173e3a7b92a6d9d221070b5494a0_NeikiAnalytics.exe
1276	5f19173e3a7b92a6d9d221070b5494a0_NeikiAnalytics.exe
1680	Unicorn-42745.exe
1680	Unicorn-42745.exe
1276	5f19173e3a7b92a6d9d221070b5494a0_NeikiAnalytics.exe
1276	5f19173e3a7b92a6d9d221070b5494a0_NeikiAnalytics.exe
1680	Unicorn-42745.exe
2644	Unicorn-19640.exe
2644	Unicorn-19640.exe
1680	Unicorn-42745.exe
2508	WerFault.exe
2508	WerFault.exe
2508	WerFault.exe
2508	WerFault.exe
2508	WerFault.exe
844	Unicorn-5368.exe
844	Unicorn-5368.exe
1720	Unicorn-46142.exe
1720	Unicorn-46142.exe
2732	Unicorn-50548.exe
2732	Unicorn-50548.exe
2644	Unicorn-19640.exe
2644	Unicorn-19640.exe
1772	WerFault.exe
784	WerFault.exe
1772	WerFault.exe
784	WerFault.exe
1772	WerFault.exe
784	WerFault.exe
1772	WerFault.exe
784	WerFault.exe
784	WerFault.exe
1772	WerFault.exe
2516	Unicorn-5151.exe
2516	Unicorn-5151.exe
1832	Unicorn-39926.exe
1832	Unicorn-39926.exe
1664	Unicorn-55385.exe
1664	Unicorn-55385.exe
2732	Unicorn-50548.exe
2732	Unicorn-50548.exe
1720	Unicorn-46142.exe
1720	Unicorn-46142.exe
1844	Unicorn-1911.exe
2448	WerFault.exe
2448	WerFault.exe
2448	WerFault.exe
2448	WerFault.exe
1844	Unicorn-1911.exe
2516	Unicorn-5151.exe
2516	Unicorn-5151.exe
536	WerFault.exe
536	WerFault.exe
536	WerFault.exe
536	WerFault.exe
536	WerFault.exe
536	WerFault.exe
2448	WerFault.exe
536	WerFault.exe
1832	Unicorn-39926.exe
2112	Unicorn-47931.exe
2112	Unicorn-47931.exe
1832	Unicorn-39926.exe
1748	Unicorn-61122.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2592	1276	WerFault.exe	27
2508	1680	WerFault.exe	28
784	844	WerFault.exe	30
1772	2644	WerFault.exe	29
2448	1720	WerFault.exe	33
536	2732	WerFault.exe	32
1612	2516	WerFault.exe	35
2184	1832	WerFault.exe	36
560	1664	WerFault.exe	37
2780	1844	WerFault.exe	41
2708	2112	WerFault.exe	42
1048	1748	WerFault.exe	44
2252	2560	WerFault.exe	45
1688	2820	WerFault.exe	43
2264	2772	WerFault.exe	47
2952	780	WerFault.exe	49
2880	2788	WerFault.exe	50
1716	1800	WerFault.exe	51
2544	2428	WerFault.exe	52
2256	1500	WerFault.exe	54
2832	2100	WerFault.exe	53
2612	2016	WerFault.exe	55
2564	2964	WerFault.exe	61
1620	1244	WerFault.exe	60
2960	1032	WerFault.exe	58
1632	2032	WerFault.exe	63
300	1148	WerFault.exe	62
1368	1592	WerFault.exe	65
1704	2904	WerFault.exe	64
1568	1728	WerFault.exe	66
2840	2680	WerFault.exe	70
2620	2068	WerFault.exe	67
2492	2572	WerFault.exe	69
2676	2656	WerFault.exe	71
1420	2376	WerFault.exe	68
992	2356	WerFault.exe	161
3552	2928	WerFault.exe	75
3992	2024	WerFault.exe	81
4008	1808	WerFault.exe	78
4040	1868	WerFault.exe	77
4088	2136	WerFault.exe	82
4076	2824	WerFault.exe	80
3968	1036	WerFault.exe	93
3300	2436	WerFault.exe	95
3396	1792	WerFault.exe	89
3492	2916	WerFault.exe	84
3564	1684	WerFault.exe	87
3568	304	WerFault.exe	83
3624	2856	WerFault.exe	97
3684	1616	WerFault.exe	86
3756	2004	WerFault.exe	96
3804	692	WerFault.exe	92
3920	828	WerFault.exe	91
3936	1140	WerFault.exe	90
3960	2912	WerFault.exe	88
3292	444	WerFault.exe	94
3216	1532	WerFault.exe	127
3172	1840	WerFault.exe	115
3812	2896	WerFault.exe	132
3896	1348	WerFault.exe	128
3844	2968	WerFault.exe	134
3260	1096	WerFault.exe	125
3648	2536	WerFault.exe	136
4168	1176	WerFault.exe	133

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1276	5f19173e3a7b92a6d9d221070b5494a0_NeikiAnalytics.exe
1680	Unicorn-42745.exe
2644	Unicorn-19640.exe
844	Unicorn-5368.exe
2732	Unicorn-50548.exe
1720	Unicorn-46142.exe
2516	Unicorn-5151.exe
1832	Unicorn-39926.exe
1664	Unicorn-55385.exe
1844	Unicorn-1911.exe
2112	Unicorn-47931.exe
1748	Unicorn-61122.exe
2820	Unicorn-375.exe
2560	Unicorn-30587.exe
2772	Unicorn-21440.exe
780	Unicorn-3712.exe
2788	Unicorn-64221.exe
1800	Unicorn-44356.exe
2428	Unicorn-16474.exe
2100	Unicorn-49338.exe
1500	Unicorn-16666.exe
2016	Unicorn-62913.exe
1032	Unicorn-31583.exe
1244	Unicorn-62371.exe
2964	Unicorn-16700.exe
1148	Unicorn-40924.exe
2032	Unicorn-39039.exe
2904	Unicorn-58905.exe
1592	Unicorn-41884.exe
1728	Unicorn-21826.exe
2068	Unicorn-6715.exe
2376	Unicorn-54525.exe
2656	Unicorn-39388.exe
2680	Unicorn-4063.exe
2572	Unicorn-8853.exe
2928	Unicorn-65470.exe
1868	Unicorn-33182.exe
1808	Unicorn-13316.exe
2824	Unicorn-32990.exe
2024	Unicorn-28583.exe
2136	Unicorn-64126.exe
304	Unicorn-31454.exe
1624	Unicorn-4759.exe
2916	Unicorn-50431.exe
1616	Unicorn-50239.exe
1684	Unicorn-20027.exe
2912	Unicorn-18142.exe
1792	Unicorn-38008.exe
1140	Unicorn-20987.exe
828	Unicorn-20795.exe
692	Unicorn-18910.exe
2436	Unicorn-38776.exe
444	Unicorn-38776.exe
1036	Unicorn-18910.exe
2004	Unicorn-18718.exe
2856	Unicorn-38584.exe
2892	Unicorn-25440.exe
1672	Unicorn-53156.exe
2652	Unicorn-22900.exe
2580	Unicorn-55572.exe
2728	Unicorn-36055.exe
2936	Unicorn-49246.exe
2696	Unicorn-3382.exe
2276	Unicorn-1306.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 1680	1276	5f19173e3a7b92a6d9d221070b5494a0_NeikiAnalytics.exe	28
PID 1276 wrote to memory of 1680	1276	5f19173e3a7b92a6d9d221070b5494a0_NeikiAnalytics.exe	28
PID 1276 wrote to memory of 1680	1276	5f19173e3a7b92a6d9d221070b5494a0_NeikiAnalytics.exe	28
PID 1276 wrote to memory of 1680	1276	5f19173e3a7b92a6d9d221070b5494a0_NeikiAnalytics.exe	28
PID 1680 wrote to memory of 2644	1680	Unicorn-42745.exe	29
PID 1680 wrote to memory of 2644	1680	Unicorn-42745.exe	29
PID 1680 wrote to memory of 2644	1680	Unicorn-42745.exe	29
PID 1680 wrote to memory of 2644	1680	Unicorn-42745.exe	29
PID 1276 wrote to memory of 844	1276	5f19173e3a7b92a6d9d221070b5494a0_NeikiAnalytics.exe	30
PID 1276 wrote to memory of 844	1276	5f19173e3a7b92a6d9d221070b5494a0_NeikiAnalytics.exe	30
PID 1276 wrote to memory of 844	1276	5f19173e3a7b92a6d9d221070b5494a0_NeikiAnalytics.exe	30
PID 1276 wrote to memory of 844	1276	5f19173e3a7b92a6d9d221070b5494a0_NeikiAnalytics.exe	30
PID 1276 wrote to memory of 2592	1276	5f19173e3a7b92a6d9d221070b5494a0_NeikiAnalytics.exe	31
PID 1276 wrote to memory of 2592	1276	5f19173e3a7b92a6d9d221070b5494a0_NeikiAnalytics.exe	31
PID 1276 wrote to memory of 2592	1276	5f19173e3a7b92a6d9d221070b5494a0_NeikiAnalytics.exe	31
PID 1276 wrote to memory of 2592	1276	5f19173e3a7b92a6d9d221070b5494a0_NeikiAnalytics.exe	31
PID 2644 wrote to memory of 2732	2644	Unicorn-19640.exe	32
PID 2644 wrote to memory of 2732	2644	Unicorn-19640.exe	32
PID 2644 wrote to memory of 2732	2644	Unicorn-19640.exe	32
PID 2644 wrote to memory of 2732	2644	Unicorn-19640.exe	32
PID 1680 wrote to memory of 1720	1680	Unicorn-42745.exe	33
PID 1680 wrote to memory of 1720	1680	Unicorn-42745.exe	33
PID 1680 wrote to memory of 1720	1680	Unicorn-42745.exe	33
PID 1680 wrote to memory of 1720	1680	Unicorn-42745.exe	33
PID 1680 wrote to memory of 2508	1680	Unicorn-42745.exe	34
PID 1680 wrote to memory of 2508	1680	Unicorn-42745.exe	34
PID 1680 wrote to memory of 2508	1680	Unicorn-42745.exe	34
PID 1680 wrote to memory of 2508	1680	Unicorn-42745.exe	34
PID 844 wrote to memory of 2516	844	Unicorn-5368.exe	35
PID 844 wrote to memory of 2516	844	Unicorn-5368.exe	35
PID 844 wrote to memory of 2516	844	Unicorn-5368.exe	35
PID 844 wrote to memory of 2516	844	Unicorn-5368.exe	35
PID 1720 wrote to memory of 1832	1720	Unicorn-46142.exe	36
PID 1720 wrote to memory of 1832	1720	Unicorn-46142.exe	36
PID 1720 wrote to memory of 1832	1720	Unicorn-46142.exe	36
PID 1720 wrote to memory of 1832	1720	Unicorn-46142.exe	36
PID 2732 wrote to memory of 1664	2732	Unicorn-50548.exe	37
PID 2732 wrote to memory of 1664	2732	Unicorn-50548.exe	37
PID 2732 wrote to memory of 1664	2732	Unicorn-50548.exe	37
PID 2732 wrote to memory of 1664	2732	Unicorn-50548.exe	37
PID 2644 wrote to memory of 2696	2644	Unicorn-19640.exe	38
PID 2644 wrote to memory of 2696	2644	Unicorn-19640.exe	38
PID 2644 wrote to memory of 2696	2644	Unicorn-19640.exe	38
PID 2644 wrote to memory of 2696	2644	Unicorn-19640.exe	38
PID 844 wrote to memory of 784	844	Unicorn-5368.exe	39
PID 2644 wrote to memory of 1772	2644	Unicorn-19640.exe	40
PID 2644 wrote to memory of 1772	2644	Unicorn-19640.exe	40
PID 2644 wrote to memory of 1772	2644	Unicorn-19640.exe	40
PID 2644 wrote to memory of 1772	2644	Unicorn-19640.exe	40
PID 844 wrote to memory of 784	844	Unicorn-5368.exe	39
PID 844 wrote to memory of 784	844	Unicorn-5368.exe	39
PID 844 wrote to memory of 784	844	Unicorn-5368.exe	39
PID 2516 wrote to memory of 1844	2516	Unicorn-5151.exe	41
PID 2516 wrote to memory of 1844	2516	Unicorn-5151.exe	41
PID 2516 wrote to memory of 1844	2516	Unicorn-5151.exe	41
PID 2516 wrote to memory of 1844	2516	Unicorn-5151.exe	41
PID 1832 wrote to memory of 2112	1832	Unicorn-39926.exe	42
PID 1832 wrote to memory of 2112	1832	Unicorn-39926.exe	42
PID 1832 wrote to memory of 2112	1832	Unicorn-39926.exe	42
PID 1832 wrote to memory of 2112	1832	Unicorn-39926.exe	42
PID 1664 wrote to memory of 2820	1664	Unicorn-55385.exe	43
PID 1664 wrote to memory of 2820	1664	Unicorn-55385.exe	43
PID 1664 wrote to memory of 2820	1664	Unicorn-55385.exe	43
PID 1664 wrote to memory of 2820	1664	Unicorn-55385.exe	43

C:\Users\Admin\AppData\Local\Temp\5f19173e3a7b92a6d9d221070b5494a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5f19173e3a7b92a6d9d221070b5494a0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42745.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42745.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50548.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55385.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-375.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16666.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6715.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
        10⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8899.exe
        11⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28322.exe
        12⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1977.exe
        13⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8355.exe
        14⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49326.exe
        15⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10140 -s 216
        15⤵
        
        PID:13156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6460 -s 216
        14⤵
        
        PID:11100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
        13⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
        12⤵
        
        PID:5524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 236
        11⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19018.exe
        10⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51778.exe
        11⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61318.exe
        12⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56150.exe
        13⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35611.exe
        14⤵
        
        PID:5296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9660 -s 220
        14⤵
        
        PID:7332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 220
        13⤵
        
        PID:10536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 220
        12⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
        11⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 220
        10⤵
        Program crash
        
        PID:3920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 236
        9⤵
        Program crash
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18910.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25614.exe
        9⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
        10⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27309.exe
        11⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30918.exe
        12⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56574.exe
        13⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57007.exe
        14⤵
        
        PID:8332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 236
        13⤵
        
        PID:11612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6032 -s 216
        12⤵
        
        PID:9132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
        11⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 236
        10⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21898.exe
        9⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51202.exe
        10⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2937.exe
        11⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42922.exe
        12⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12735.exe
        13⤵
        
        PID:11384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9492 -s 216
        13⤵
        
        PID:13204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 220
        12⤵
        
        PID:10604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 216
        11⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 236
        10⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 220
        9⤵
        Program crash
        
        PID:3804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
        8⤵
        Program crash
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54525.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38584.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25614.exe
        9⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48842.exe
        10⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
        11⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-310.exe
        12⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 220
        13⤵
        
        PID:10624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 216
        12⤵
        
        PID:8888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 216
        11⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 216
        10⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26864.exe
        9⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49785.exe
        10⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12584.exe
        11⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26503.exe
        12⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16462.exe
        13⤵
        
        PID:12220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10100 -s 216
        13⤵
        
        PID:13096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 216
        12⤵
        
        PID:11084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
        11⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
        10⤵
        
        PID:5660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
        9⤵
        Program crash
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39380.exe
        8⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31655.exe
        9⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18338.exe
        10⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42787.exe
        11⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47769.exe
        12⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35611.exe
        13⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10136 -s 220
        13⤵
        
        PID:12604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6756 -s 220
        12⤵
        
        PID:10992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 216
        11⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
        10⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 236
        9⤵
        Program crash
        
        PID:3844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
        8⤵
        Program crash
        
        PID:1420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
        7⤵
        Program crash
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62913.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39388.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38776.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10704.exe
        9⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        10⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33652.exe
        11⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-144.exe
        12⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55614.exe
        13⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8898.exe
        14⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 216
        13⤵
        
        PID:11536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
        12⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 216
        11⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 236
        10⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46190.exe
        9⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45753.exe
        10⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33521.exe
        11⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4032.exe
        12⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54100.exe
        13⤵
        
        PID:11348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9932 -s 220
        13⤵
        
        PID:12928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6232 -s 216
        12⤵
        
        PID:10832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
        11⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 216
        10⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 220
        9⤵
        Program crash
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23703.exe
        8⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64327.exe
        9⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14616.exe
        10⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46819.exe
        11⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31760.exe
        12⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
        13⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9884 -s 216
        13⤵
        
        PID:13112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 216
        12⤵
        
        PID:10872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
        11⤵
        
        PID:7288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
        10⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 236
        9⤵
        Program crash
        
        PID:3260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
        8⤵
        Program crash
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18718.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59246.exe
        8⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31655.exe
        9⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1030.exe
        10⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16017.exe
        10⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55869.exe
        11⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13155.exe
        12⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14925.exe
        13⤵
        
        PID:11880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10192 -s 216
        13⤵
        
        PID:13124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 220
        12⤵
        
        PID:11260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 236
        11⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 220
        10⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18326.exe
        9⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32753.exe
        10⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35464.exe
        11⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39620.exe
        12⤵
        
        PID:12328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9996 -s 236
        12⤵
        
        PID:7608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 220
        11⤵
        
        PID:10780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
        10⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 220
        9⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60305.exe
        8⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
        9⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45029.exe
        10⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-424.exe
        11⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40140.exe
        12⤵
        
        PID:13232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9912 -s 216
        12⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 216
        11⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
        10⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 236
        9⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
        8⤵
        Program crash
        
        PID:3756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
        7⤵
        Program crash
        
        PID:2612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
        6⤵
        Program crash
        
        PID:560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61122.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16474.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41884.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58478.exe
        9⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30285.exe
        10⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5519.exe
        11⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6993.exe
        11⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54474.exe
        12⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43782.exe
        13⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3557.exe
        14⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9572 -s 236
        14⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
        13⤵
        
        PID:11420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        12⤵
        
        PID:8256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 240
        11⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 236
        10⤵
        Program crash
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
        9⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3257.exe
        10⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58359.exe
        11⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56740.exe
        12⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26255.exe
        13⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 216
        12⤵
        
        PID:11568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
        11⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 236
        10⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
        9⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        8⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        9⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32572.exe
        10⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62854.exe
        11⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35408.exe
        12⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5896.exe
        13⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10004 -s 220
        13⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 216
        12⤵
        
        PID:10952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
        11⤵
        
        PID:7232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 236
        10⤵
        
        PID:5732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 236
        9⤵
        Program crash
        
        PID:3896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 240
        8⤵
        Program crash
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50239.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
        8⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
        9⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15218.exe
        10⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2937.exe
        11⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4032.exe
        12⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28584.exe
        13⤵
        
        PID:11600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9944 -s 216
        13⤵
        
        PID:12784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 216
        12⤵
        
        PID:10824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 216
        11⤵
        
        PID:7928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 236
        10⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11580.exe
        9⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40026.exe
        10⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58765.exe
        11⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41999.exe
        12⤵
        
        PID:11652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9684 -s 220
        12⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 220
        11⤵
        
        PID:10792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
        10⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 240
        9⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20362.exe
        8⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30268.exe
        9⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2792.exe
        10⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48537.exe
        11⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27334.exe
        12⤵
        
        PID:12060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10204 -s 216
        12⤵
        
        PID:12380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 220
        11⤵
        
        PID:11072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 240
        10⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
        9⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
        8⤵
        Program crash
        
        PID:3684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
        7⤵
        Program crash
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21826.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38008.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9936.exe
        8⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56071.exe
        9⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54637.exe
        10⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40485.exe
        11⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30540.exe
        12⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62133.exe
        13⤵
        
        PID:11876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9644 -s 216
        13⤵
        
        PID:13052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 216
        12⤵
        
        PID:10400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 236
        11⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
        10⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2841.exe
        9⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38324.exe
        10⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22253.exe
        11⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37079.exe
        12⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10160 -s 216
        12⤵
        
        PID:13060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 216
        11⤵
        
        PID:11116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
        10⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
        9⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51857.exe
        8⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48659.exe
        9⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15539.exe
        10⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21246.exe
        11⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60031.exe
        12⤵
        
        PID:12276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9904 -s 216
        12⤵
        
        PID:12712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 216
        11⤵
        
        PID:10812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 236
        10⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 236
        9⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 220
        8⤵
        Program crash
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
        7⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55879.exe
        8⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38960.exe
        9⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        10⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65298.exe
        11⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37229.exe
        12⤵
        
        PID:11836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9756 -s 216
        12⤵
        
        PID:12620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
        11⤵
        
        PID:10596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
        10⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 236
        9⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5337.exe
        8⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
        9⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4032.exe
        10⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47499.exe
        11⤵
        
        PID:11916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9952 -s 216
        11⤵
        
        PID:12892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
        10⤵
        
        PID:10840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 236
        9⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
        8⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
        7⤵
        Program crash
        
        PID:1568
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 240
        6⤵
        Program crash
        
        PID:1048
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35519.exe
      4⤵
      Executes dropped EXE
      PID:2696
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46142.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39926.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47931.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64221.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40924.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31454.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25204.exe
        9⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14825.exe
        10⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22012.exe
        11⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33521.exe
        12⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20286.exe
        13⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9092.exe
        14⤵
        
        PID:12236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10008 -s 216
        14⤵
        
        PID:12900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6224 -s 216
        13⤵
        
        PID:10968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
        12⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 236
        11⤵
        
        PID:5276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 216
        10⤵
        Program crash
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43475.exe
        9⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16729.exe
        10⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11842.exe
        11⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59533.exe
        12⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26690.exe
        13⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10220 -s 216
        13⤵
        
        PID:12912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 216
        12⤵
        
        PID:10316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
        11⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
        10⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 240
        9⤵
        Program crash
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23127.exe
        8⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56839.exe
        9⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2276.exe
        10⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62854.exe
        11⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55382.exe
        12⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27334.exe
        13⤵
        
        PID:912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9256 -s 216
        13⤵
        
        PID:12388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
        11⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 236
        10⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 236
        9⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 240
        8⤵
        Program crash
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50431.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25012.exe
        8⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48842.exe
        9⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19345.exe
        10⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19493.exe
        11⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16507.exe
        12⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51799.exe
        13⤵
        
        PID:12304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 216
        12⤵
        
        PID:11476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
        11⤵
        
        PID:8628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 216
        10⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 236
        9⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59537.exe
        8⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe
        9⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55869.exe
        10⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8355.exe
        11⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12735.exe
        12⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10128 -s 216
        12⤵
        
        PID:13220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 216
        11⤵
        
        PID:11092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 216
        10⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 236
        9⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
        8⤵
        Program crash
        
        PID:3492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
        7⤵
        Program crash
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39039.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64126.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3382.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17654.exe
        9⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50005.exe
        10⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62944.exe
        11⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49888.exe
        12⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28560.exe
        13⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9508 -s 216
        13⤵
        
        PID:12464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
        12⤵
        
        PID:9860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
        11⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 236
        10⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47929.exe
        9⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32591.exe
        10⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42413.exe
        11⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35184.exe
        12⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14947.exe
        13⤵
        
        PID:8784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 216
        12⤵
        
        PID:11820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
        11⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
        10⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
        9⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30294.exe
        8⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35698.exe
        9⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28606.exe
        10⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15977.exe
        11⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22167.exe
        12⤵
        
        PID:10980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8900 -s 216
        12⤵
        
        PID:12244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
        11⤵
        
        PID:9712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
        10⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 236
        9⤵
        
        PID:4880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
        8⤵
        Program crash
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1306.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43658.exe
        8⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18511.exe
        9⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10048.exe
        10⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42413.exe
        11⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36720.exe
        12⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58253.exe
        13⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 236
        12⤵
        
        PID:11756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
        11⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
        10⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 236
        9⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19698.exe
        8⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
        9⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51990.exe
        10⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48889.exe
        11⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58300.exe
        12⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8280 -s 236
        11⤵
        
        PID:11856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
        10⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
        9⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 220
        8⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
        7⤵
        Program crash
        
        PID:1632
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
        6⤵
        Program crash
        
        PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44356.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58905.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20027.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41265.exe
        8⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48842.exe
        9⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25011.exe
        10⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13235.exe
        11⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27239.exe
        11⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53792.exe
        12⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18272.exe
        13⤵
        
        PID:12996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10096 -s 216
        13⤵
        
        PID:8572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
        12⤵
        
        PID:11352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 220
        11⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 236
        10⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 216
        9⤵
        Program crash
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26864.exe
        8⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31804.exe
        9⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42787.exe
        10⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32797.exe
        11⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50134.exe
        12⤵
        
        PID:12596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9656 -s 216
        12⤵
        
        PID:13256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 216
        11⤵
        
        PID:11236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 216
        10⤵
        
        PID:8176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
        9⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 240
        8⤵
        Program crash
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39188.exe
        7⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6787.exe
        8⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63303.exe
        9⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23298.exe
        10⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12506.exe
        11⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21791.exe
        12⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9728 -s 216
        12⤵
        
        PID:12664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
        11⤵
        
        PID:10584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 236
        10⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 236
        9⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30256.exe
        8⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8938.exe
        9⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2522.exe
        10⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29549.exe
        11⤵
        
        PID:4532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9796 -s 216
        11⤵
        
        PID:12648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
        10⤵
        
        PID:10692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 236
        9⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
        8⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
        7⤵
        Program crash
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18142.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10704.exe
        7⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
        8⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54440.exe
        9⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28864.exe
        10⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14546.exe
        11⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65190.exe
        12⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9924 -s 220
        12⤵
        
        PID:12396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 216
        11⤵
        
        PID:10944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
        10⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 236
        9⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 236
        8⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57093.exe
        7⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
        8⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24094.exe
        9⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5325.exe
        10⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25428.exe
        11⤵
        
        PID:12804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 236
        11⤵
        
        PID:7368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 236
        10⤵
        
        PID:11164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 216
        9⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
        8⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 220
        7⤵
        Program crash
        
        PID:3960
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 240
        6⤵
        Program crash
        
        PID:1716
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
        5⤵
        Program crash
        
        PID:2184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30587.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49338.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8853.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38776.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10704.exe
        8⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14825.exe
        9⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7083.exe
        10⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53307.exe
        11⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12407.exe
        12⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26253.exe
        13⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50334.exe
        14⤵
        
        PID:12452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 236
        13⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 216
        12⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
        11⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 236
        10⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20274.exe
        9⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
        10⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51990.exe
        11⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54073.exe
        12⤵
        
        PID:10492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8268 -s 216
        12⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
        11⤵
        
        PID:9140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
        10⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 220
        9⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
        8⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6116.exe
        9⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46627.exe
        10⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48537.exe
        11⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        12⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10216 -s 220
        12⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 220
        11⤵
        
        PID:11108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 216
        10⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 216
        9⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 444 -s 220
        8⤵
        Program crash
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56568.exe
        7⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46730.exe
        8⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1913.exe
        9⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        10⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6086.exe
        11⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4386.exe
        12⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7732 -s 216
        11⤵
        
        PID:11528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
        10⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
        9⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 236
        8⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
        7⤵
        Program crash
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18910.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25614.exe
        7⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14057.exe
        8⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49469.exe
        9⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18868.exe
        10⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58136.exe
        11⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53295.exe
        12⤵
        
        PID:13268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10556 -s 216
        12⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 236
        11⤵
        
        PID:11520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
        10⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
        9⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 236
        8⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
        7⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64429.exe
        8⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32203.exe
        9⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17214.exe
        10⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64328.exe
        11⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9864 -s 216
        11⤵
        
        PID:12756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 216
        10⤵
        
        PID:10864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 236
        9⤵
        
        PID:7620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
        8⤵
        
        PID:6080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 220
        7⤵
        Program crash
        
        PID:3968
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
        6⤵
        Program crash
        
        PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8592.exe
        7⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56839.exe
        8⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        9⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6227.exe
        10⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26311.exe
        11⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16462.exe
        12⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10072 -s 216
        12⤵
        
        PID:13104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 216
        11⤵
        
        PID:11004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
        10⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 236
        9⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1176 -s 216
        8⤵
        Program crash
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21898.exe
        7⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1508.exe
        8⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47587.exe
        9⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2927.exe
        10⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27500.exe
        11⤵
        
        PID:11620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10060 -s 216
        11⤵
        
        PID:12352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 216
        10⤵
        
        PID:10932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
        9⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
        8⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 220
        7⤵
        Program crash
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6516.exe
        6⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14633.exe
        7⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47585.exe
        8⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42848.exe
        9⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56740.exe
        10⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33987.exe
        11⤵
        
        PID:2972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 236
        10⤵
        
        PID:11560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
        9⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
        8⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 236
        7⤵
        Program crash
        
        PID:3648
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
        6⤵
        Program crash
        
        PID:2840
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
        5⤵
        Program crash
        
        PID:2252
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2448
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2508
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5368.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5368.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5151.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5151.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1911.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21440.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31583.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32990.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40927.exe
        8⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9937.exe
        9⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55829.exe
        10⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
        11⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10046.exe
        12⤵
        
        PID:10748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8516 -s 236
        12⤵
        
        PID:12028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 216
        11⤵
        
        PID:9312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
        10⤵
        
        PID:6792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 216
        9⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 216
        8⤵
        Program crash
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1306.exe
        7⤵
        Executes dropped EXE
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43658.exe
        8⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39564.exe
        9⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46945.exe
        10⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50529.exe
        11⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60627.exe
        12⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22390.exe
        13⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7600 -s 236
        12⤵
        
        PID:11720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 216
        11⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
        10⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 236
        9⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34965.exe
        8⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
        9⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46974.exe
        10⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63725.exe
        11⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25389.exe
        12⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8004 -s 216
        11⤵
        
        PID:11684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 236
        10⤵
        
        PID:8544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
        9⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 372 -s 240
        8⤵
        
        PID:4152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 240
        7⤵
        Program crash
        
        PID:2960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28583.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22900.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48022.exe
        8⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
        9⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55829.exe
        10⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47834.exe
        11⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51074.exe
        12⤵
        
        PID:11224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8804 -s 236
        12⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
        11⤵
        
        PID:9620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
        10⤵
        
        PID:6776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 216
        9⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47353.exe
        8⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6327.exe
        9⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62053.exe
        10⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7932.exe
        11⤵
        
        PID:11292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 236
        11⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
        10⤵
        
        PID:9776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
        9⤵
        
        PID:6816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
        8⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        7⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2257.exe
        8⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        9⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8846.exe
        10⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21207.exe
        11⤵
        
        PID:10736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9068 -s 216
        11⤵
        
        PID:12228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
        10⤵
        
        PID:9836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
        9⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
        8⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
        7⤵
        Program crash
        
        PID:3992
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
        6⤵
        Program crash
        
        PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62371.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33182.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36055.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61369.exe
        8⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19471.exe
        9⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62944.exe
        10⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62057.exe
        11⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28560.exe
        12⤵
        
        PID:11628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9544 -s 216
        12⤵
        
        PID:12456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
        11⤵
        
        PID:9748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        10⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 236
        9⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14872.exe
        8⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21595.exe
        9⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11295.exe
        10⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52776.exe
        11⤵
        
        PID:10668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8832 -s 216
        11⤵
        
        PID:12200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
        10⤵
        
        PID:9628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
        9⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
        8⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58717.exe
        7⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1681.exe
        8⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24309.exe
        9⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1767.exe
        10⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50835.exe
        11⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60773.exe
        12⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8592 -s 216
        11⤵
        
        PID:11848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
        10⤵
        
        PID:9476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
        9⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 236
        8⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
        7⤵
        Program crash
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49246.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65209.exe
        7⤵
        
        PID:2356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 200
        8⤵
        Program crash
        
        PID:992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 236
        7⤵
        
        PID:4640
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 240
        6⤵
        Program crash
        
        PID:1620
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 240
        5⤵
        Program crash
        
        PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3712.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16700.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65470.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25440.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14337.exe
        8⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        9⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49036.exe
        10⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3841.exe
        11⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11898.exe
        12⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63715.exe
        13⤵
        
        PID:13024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10328 -s 236
        13⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 216
        12⤵
        
        PID:11464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 216
        11⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
        10⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 236
        9⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7067.exe
        8⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5777.exe
        9⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
        10⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
        11⤵
        
        PID:10372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8452 -s 216
        11⤵
        
        PID:11900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 216
        10⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
        9⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
        8⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
        7⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52475.exe
        8⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29929.exe
        9⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15479.exe
        10⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62163.exe
        11⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-640.exe
        12⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7884 -s 236
        11⤵
        
        PID:11696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
        10⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
        9⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 236
        8⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
        7⤵
        Program crash
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53156.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15682.exe
        7⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5303.exe
        8⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-787.exe
        9⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16398.exe
        10⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46465.exe
        11⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12624.exe
        12⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 216
        11⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 216
        10⤵
        
        PID:8716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
        9⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 236
        8⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39355.exe
        7⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47474.exe
        8⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30719.exe
        9⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51961.exe
        10⤵
        
        PID:10564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 216
        10⤵
        
        PID:11988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
        9⤵
        
        PID:8468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        8⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
        7⤵
        
        PID:4828
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
        6⤵
        Program crash
        
        PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13316.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55572.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27929.exe
        7⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9937.exe
        8⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20827.exe
        9⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41596.exe
        10⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28246.exe
        11⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10529.exe
        12⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8432 -s 236
        11⤵
        
        PID:12004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
        10⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
        9⤵
        
        PID:6764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 216
        8⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47353.exe
        7⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21595.exe
        8⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41596.exe
        9⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
        10⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62140.exe
        11⤵
        
        PID:9156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8424 -s 216
        10⤵
        
        PID:11908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
        9⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
        8⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
        7⤵
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57949.exe
        6⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
        7⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12544.exe
        8⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41069.exe
        9⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35184.exe
        10⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10119.exe
        11⤵
        
        PID:8624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 216
        10⤵
        
        PID:11828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
        9⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 236
        8⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 236
        7⤵
        
        PID:5124
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
        6⤵
        Program crash
        
        PID:4008
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 240
        5⤵
        Program crash
        
        PID:2952
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
      4⤵
      Program crash
      PID:1612
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 216
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:784
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 240
  2⤵
  - Program crash
  PID:2592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11295.exe

Filesize
184KB

MD5
566cfb4de1f202eae3824f590f173f33

SHA1
7b078032c55e7b19c7a128d2a4f7a7c76b5ca5af

SHA256
acf1d4a48e08a92a567bc79f7eec2837d35261baa41032ee2838f70b1480914c

SHA512
8ccfff853243d13dba0a1b52ca54bab1c3e927040d44dacb998eb2cf6c9da939f650dec5892ea7a3d916525207aea0534b0993b37130e10796af5848b5956bb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe

Filesize
184KB

MD5
e9350c8ab84dffb4f2cbb95fbd2475db

SHA1
ce1f05ba9916ba995bfe119af1582d4bd4c185ae

SHA256
2e60fdde775033b11406494e7895e87a7253e4aa530f9d34116cccf1d9f9370c

SHA512
a03d82c22f3f2424014e2a4fe52ff509e035a4e836f56d08159d252ba18067331b72c9b3d7448ef7abdd28f7ce0db5649ae215d6c3cfe7c8812d4c9a5f1751aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20827.exe

Filesize
184KB

MD5
1058b7d126a6c4ed10e85d3797f6e6ed

SHA1
71fcc55dc910091dbec99d4377ae251cf80a9836

SHA256
97fdb18f67dd40d910a209c135b5fbc01fbe5340d9f6a6dfbfc146839dd04c6c

SHA512
3ea19d2589e911ae599e6ea25c57442ea8aa123f066d4daefc0d1b0ddacd653e946c14d0ff8880c38f5b3c3ec0b1ef30754be0d57fe28ecf79499607e5428b93

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23298.exe

Filesize
184KB

MD5
9843d617d3bfb0384273db0b33e268c3

SHA1
ec515f6ba37ef641f366a39a89d7d7aabf76cedc

SHA256
4804968edf211c2a6afffeac768cb5d074e72b5186adc97206e804d1871f052d

SHA512
c9e46b2809eecf33b704b05a4289138c54aa39e8d3463cd56bc30d0f19d5bd0246d07fb91ead16fa9754f96e28df0b76a0724faee9ed1e324dcd7e66b467e037

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33987.exe

Filesize
184KB

MD5
57e43b43cac64d55b46ab1f1292ae356

SHA1
e531497ada2bd386653437d6f1fb64c88f017218

SHA256
5ccc511d4ad59c5ba0a8245dd4c13043fed7a8848e9fe019a8fe9b8ae06f3df6

SHA512
68f5c7d1db38cac1bccaa3169e815e631f1be0ed485312003a16bf7225846e1c5a5219c95947b1f38aab7f7b73aa98b7ab8c375691932feaa736f7905193be1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40927.exe

Filesize
184KB

MD5
6d863dc4bad668bf8aa3863678f72b6a

SHA1
95078946fd0920560cc2b13e2833da2c73b9f131

SHA256
3803f0cfb270a046d87f9ec0c8e4e44861721e97aa6bc801eb122b97cf70bbef

SHA512
49bd6b151f29bd9d5d87645e934304c3c66fd0f07ff0575a0e83311df01021d15d0db5f50c7d0ec4bdd7da993769c1b9f29929ad754e35aaff243e1e42248c40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55879.exe

Filesize
184KB

MD5
ce320b8a4a27e3f36b9684b4f9cad463

SHA1
c94ef4e061a2ef92049d649504c5b617ff935a94

SHA256
fc6589429b1b4d92ece82bafa5fc627df791d703238c4e0a8856ff378688f705

SHA512
d47e5b9d9e3a3e1295ff2d5180a9be35dd4a7124398732eaa0dfd108004eeb588f3a1abae489f63bf18adbb5e6bd3ec902168d34438161e530724affbce3489d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5777.exe

Filesize
184KB

MD5
d75d727433a7000322959a514ed31c1a

SHA1
613cbb5a59537369290909ee4622f41e0f9f1b36

SHA256
08565253e1d2783f91b929d4725603559619d5f73d19ecd3b54f59d28baae38a

SHA512
12da4bcf89535e885aac3951bcf42cfa49b0c25eb07a79338dd9a3da68ee21a9f78dcbc825d8d93cf80efe8df2cbedef2f331d020b623f6417440e10fc36b157

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6227.exe

Filesize
184KB

MD5
7fd37ecfb412b7b1d291a651d5d83ec5

SHA1
22c73866f7596a2b7ef9604a9d0cd6ee51816e5f

SHA256
a1ad9612d6165763358fb304efeb95e81d092bbdac1429dd17f99796c0948ec7

SHA512
1ab6a463266f9fc9f351f620191e6c48c831ed74ceedf4cfd4c2e3a3b492bc346311a5b482339af5eb7e7444ea9cedbde4e4b4323094b6f8e7f277c8f5c49ac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe

Filesize
184KB

MD5
ceef65928655781358c2933359a600d7

SHA1
7a7dfbf5a6fdf54ffb6ccc90c02803156c008177

SHA256
7c610d6d0082b4fb9b786aa23e547f9c3e06455c4768acac36b2cfd941570efb

SHA512
80d527488b1a733c46061dd4f85033682267bf66224faecb9f8f86532a15dcba31d37e83e18f647749dde9d2b45483c26dab61cd63bb2619eaae8882827d9491

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6715.exe

Filesize
184KB

MD5
ed975ba50f1b74c4a70a7e199bda93cc

SHA1
08fc6c6b928396d283d702b123e2a094bf161543

SHA256
187e810a76a7d3ced743c01b4f0623d51a57922436481672b27e262fbfeba568

SHA512
17ac3f72614ba57b179d3adf2119b672ad76a02972fe886da1fa3b81afae83de3ebee9711f8d5c69dbf8b9bf63fbb53c01a129bb19f286d3b016bdd14f661ea0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6787.exe

Filesize
184KB

MD5
d8b40cb037eeba1c2b5e65213bb6ab11

SHA1
c77393417433d6258c9a65eb4da2ff86eb7ef64c

SHA256
221c0573cd930238e9c79b83ab44c9e9a55be40fba52d66a2d94f0ef22341889

SHA512
e004b7cdde02d6f0460f1f60ca8420f3211fa4bb1d7f7a65ffc55efe467b0f3c7af6d1f33a17ff6d77e270d9ee67fd7a0026517ffd4c5205d2e2f1e31e9a2c19

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1911.exe

Filesize
184KB

MD5
c67d16c556f29e5849d632e04a4df46b

SHA1
0397f3280aaa4df2fcb882b3b67164859ec9c028

SHA256
1d1f3e10da9e08025416e341af94baf2260d3debd41ce67c4efc930979901b02

SHA512
c1ea4c46a28be759880d0ec18ac72f77573df479f22dfa51afeed985c01f8561470fd2129b5363ed83d201e621fb25318551bb3cf6dcdef24e3be7be07533491

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30587.exe

Filesize
184KB

MD5
74836bf4a640b9d1bd51c1780cb50316

SHA1
872fa11ce493d2df11b08e0fe943f518908ad55d

SHA256
4bf707cc12ead54f5157e38313e72ade34503cc0cc8b81599f4dd6470bcd8059

SHA512
edbdc758e24d5e20ee96c4d11046ac719e6546ef5057df1061e2e41e3b640534f497a10b30f67f3b2577c3762bfa7b399dff5713d1f47bb92e473b661ec0af68

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35519.exe

Filesize
184KB

MD5
6d4815a9f469eb8c20472da09a414729

SHA1
8fe7dfe941e42a200e509a05571b6a585b6ae875

SHA256
0a9153aec299b896a0d708a4ad8c108b83107582252c324f71bab4aac15a92a8

SHA512
722f0221a4a8ea589a32f89388edeff4469efa48e40d163f86317d4b1f0b1121bf2a8009af4fa3d455fcc5792f5d230a2f4f44badd1b8475bc496df459ae2677

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-375.exe

Filesize
184KB

MD5
dd9a953653079ebf2faba280b90950fb

SHA1
8a4c51464bab042bebf14e896bd6337a824e74e3

SHA256
1262e46802da4d3c64e35e588ce2fad9a3e00de6c5747b2c000e756ad5d7b8ff

SHA512
53c315e936d009d15ac0a230c81402aff95874838d7073073ebf8464e64c1f1aa16b1420d5f31743083deec30323229509a518835a68846e7cf8ea608eef80f9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39926.exe

Filesize
184KB

MD5
151565790d823608ef4db9386657514c

SHA1
7fffcc115a587370db0fc333522fd34c8decafa5

SHA256
94336614a1f7781bf1574e1ddcfde7dd30f01f939c4210c1aa98bf731156ebd3

SHA512
100f48c8c7a5e9a5d80c00538153a4001ed4258e42769d5f6f04fad39dfd936b1bda3c23218bba0657db999f779b6b2a19a8a65b2cdc28a222736f1551a38d1f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42745.exe

Filesize
184KB

MD5
aa4ce714e5805d6f36182540b502b335

SHA1
5dc37b4e29f7fd74bc5be4dc7d63d196fec86ab8

SHA256
a50d2e53077f2ab531124449907d5fbb57ab67f79711412a1de97f2b35994add

SHA512
d986fb0176a11b821cafd44fa4c6d48710d516701832fc01a2212fc3e1a1cda50aa3e1f35e5431bbf29060f1c2d679fdb3ad0439fe652c3d096db340c6d0a217

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46142.exe

Filesize
184KB

MD5
01319d9aca2e2e27d87d07467543eac6

SHA1
bd650290d7cbc6074993cb766953a95975e759ec

SHA256
7fb2d3151ced106cb6326df189c3ad60eaedbb7e4917840b411b4dfac2a772f7

SHA512
9131059a8667645858e49ebf7932b3e8058b8eb653846bb6f91eefbaff2ce09d2899fe108c836b45a07edfdd76c8b35ffc25405b3c198fcb4da10d28d3f49b90

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47931.exe

Filesize
184KB

MD5
2280c6427294b4ab9986ad23912affc1

SHA1
d260e59a2ea4c5d573dc307c0fdf6c395bbef4df

SHA256
2ccb6bdaca3aaf909bd795c0a72a8d9b27b3a11ed5d6d6349c5be4785c45c7c6

SHA512
b48966ea817391b36b8ad5e6286ad189f3a454043c887698d080ae0b58d1df856e6df286cae633c2fcbd1322c69fd456589a9d1453d841e36198881c9ae26180

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50548.exe

Filesize
184KB

MD5
df9bcd026fd8fe7419ea9f7e20792436

SHA1
0225b8d4ffa0dc0869a41194b1d2a8c8205a8552

SHA256
549a2b66cd038c24a36744c898a57becd5d472631abb9c4ad16141b27644ebb9

SHA512
c0fa469a2a3346858b0ba270585abe812db9167d998f2245b6834e1bcd29944d4640ec0d945b29e1dfaeb14939931bf9391e3805d14ce68e7ab5e10c8c32581b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5151.exe

Filesize
184KB

MD5
2f51b9227e401b1e1575bfa0ac30cfe2

SHA1
c15f369fe83134501fb8afc1ec4e7e1fa34df8a0

SHA256
b61102a8b24f9561227a704dddcd4854ff2b6b2b2898cff8f140779628b6267d

SHA512
d0388d7c1b16406f741844b930d94b19591347d56101255415706b781a82ce759622593caa9f16552fda1a9ad403380420be71a944ce51ce95bb6c75cafd3307

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5368.exe

Filesize
184KB

MD5
d19cd7e1ecd1e6d2f97ee7bb8ea66e29

SHA1
c8d31765df943743549ec1cea28e2819cf91a9fc

SHA256
095f6b0deed11a75faf6a3f4c4a0abcbdf57b610b42e2ce743ae1f52657004cb

SHA512
9b0650f6e33233acabc8d2126be7ae08a7d5c4df716f6bf7c50adb7e293e8460f0776f703dde2e5b05816b5fac01459e5fd1834fa3600fc03dd7b405b925e548

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55385.exe

Filesize
184KB

MD5
b15fb03992044e71034dbe97f3ef2707

SHA1
3f7e1d658f066749e992b58991e582134dd0876d

SHA256
483784689640b5c182bf9e88aa9cf98ef984b8ba06a836a31187016a746bb00f

SHA512
aaa9cc399c7a4db61b3809995f6a47b730bffbc89af9d942da94651e833ed5c12bc25f0569cab8312be7124fd98aefc9d4d8ebd7d8d44208b1ebf5daf10d2d68

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61122.exe

Filesize
184KB

MD5
5913d4c14475ca5efebae677e580a6a4

SHA1
702514daafe57b16ac87dc5a73ce4ea54259e071

SHA256
a43bee6478adab49853ba595020004b33fba4485bc6ba969db16738978318b9d

SHA512
0e4e9a587a2e62485a4db16332d36b3d678535be02f3f0e44e41117d3b1f4e6620795175ad67f8e181528f452bc299d7511230697be32928dd37facbcdc5fb68

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads