6e8834740b7f392275750cb362d22625c1895427a6c44ed73976af4bf976a8e7

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 12:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df7a7939e0f9cb734f44ba7683aca9e0_NeikiAnalytics.exe
Size

184KB
MD5

df7a7939e0f9cb734f44ba7683aca9e0
SHA1

9c2ba99d7a414d3d51cbe44c199cd3897c8face3
SHA256

6e8834740b7f392275750cb362d22625c1895427a6c44ed73976af4bf976a8e7
SHA512

26eb3ea7723961c5c288b50e1ed2a36a19866318194085ec7d9bf0d60cb549515ef738455ba583a2a514f1781eacc58548da725728954cb30c6583d1c99404a9
SSDEEP

3072:EmI3Sxo974hcjGhWe+nLNWs3hlnViFunw:EmzocGGhGLIs3hlnViFu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2732	Unicorn-20164.exe
2648	Unicorn-942.exe
2604	Unicorn-37376.exe
2620	Unicorn-17253.exe
1528	Unicorn-13168.exe
2520	Unicorn-50672.exe
2680	Unicorn-34788.exe
3008	Unicorn-6754.exe
2764	Unicorn-19006.exe
1508	Unicorn-30704.exe
3064	Unicorn-26620.exe
1260	Unicorn-25115.exe
2400	Unicorn-16947.exe
2248	Unicorn-62618.exe
1988	Unicorn-17501.exe
1396	Unicorn-41451.exe
668	Unicorn-37367.exe
840	Unicorn-29199.exe
1388	Unicorn-9333.exe
912	Unicorn-4860.exe
1916	Unicorn-1523.exe
2056	Unicorn-45893.exe
1216	Unicorn-29919.exe
2148	Unicorn-25281.exe
1452	Unicorn-29365.exe
1948	Unicorn-9499.exe
2200	Unicorn-21197.exe
2232	Unicorn-41617.exe
1416	Unicorn-33449.exe
1496	Unicorn-17667.exe
1516	Unicorn-37895.exe
2804	Unicorn-37533.exe
2472	Unicorn-2167.exe
2892	Unicorn-35586.exe
2728	Unicorn-14782.exe
2460	Unicorn-34648.exe
1720	Unicorn-50984.exe
2780	Unicorn-59344.exe
2912	Unicorn-59899.exe
1884	Unicorn-26288.exe
2068	Unicorn-47455.exe
2196	Unicorn-59152.exe
1456	Unicorn-63791.exe
2348	Unicorn-5867.exe
1208	Unicorn-55623.exe
2304	Unicorn-30180.exe
1872	Unicorn-46516.exe
2256	Unicorn-38348.exe
2264	Unicorn-38348.exe
584	Unicorn-22566.exe
2408	Unicorn-43178.exe
2420	Unicorn-42432.exe
948	Unicorn-3402.exe
1304	Unicorn-49074.exe
2100	Unicorn-52966.exe
1900	Unicorn-35883.exe
1928	Unicorn-52411.exe
1168	Unicorn-20293.exe
1520	Unicorn-44243.exe
1632	Unicorn-44798.exe
2564	Unicorn-7102.exe
2492	Unicorn-56858.exe
2948	Unicorn-31607.exe
2904	Unicorn-27523.exe

Loads dropped DLL 64 IoCs

pid	Process
2940	df7a7939e0f9cb734f44ba7683aca9e0_NeikiAnalytics.exe
2940	df7a7939e0f9cb734f44ba7683aca9e0_NeikiAnalytics.exe
2732	Unicorn-20164.exe
2732	Unicorn-20164.exe
2940	df7a7939e0f9cb734f44ba7683aca9e0_NeikiAnalytics.exe
2940	df7a7939e0f9cb734f44ba7683aca9e0_NeikiAnalytics.exe
2648	Unicorn-942.exe
2604	Unicorn-37376.exe
2604	Unicorn-37376.exe
2648	Unicorn-942.exe
2732	Unicorn-20164.exe
2732	Unicorn-20164.exe
340	WerFault.exe
340	WerFault.exe
340	WerFault.exe
2620	Unicorn-17253.exe
2620	Unicorn-17253.exe
2604	Unicorn-37376.exe
2604	Unicorn-37376.exe
2648	Unicorn-942.exe
1528	Unicorn-13168.exe
2648	Unicorn-942.exe
1528	Unicorn-13168.exe
2520	Unicorn-50672.exe
2520	Unicorn-50672.exe
1476	WerFault.exe
1476	WerFault.exe
2508	WerFault.exe
2508	WerFault.exe
1476	WerFault.exe
2508	WerFault.exe
2680	Unicorn-34788.exe
2680	Unicorn-34788.exe
3064	Unicorn-26620.exe
2620	Unicorn-17253.exe
3064	Unicorn-26620.exe
2620	Unicorn-17253.exe
1528	Unicorn-13168.exe
1528	Unicorn-13168.exe
2764	Unicorn-19006.exe
2764	Unicorn-19006.exe
3008	Unicorn-6754.exe
3008	Unicorn-6754.exe
2520	Unicorn-50672.exe
1508	Unicorn-30704.exe
2520	Unicorn-50672.exe
1508	Unicorn-30704.exe
3000	WerFault.exe
3000	WerFault.exe
3000	WerFault.exe
2052	WerFault.exe
2052	WerFault.exe
2052	WerFault.exe
3044	WerFault.exe
3044	WerFault.exe
3044	WerFault.exe
1260	Unicorn-25115.exe
1260	Unicorn-25115.exe
2680	Unicorn-34788.exe
2680	Unicorn-34788.exe
2400	Unicorn-16947.exe
2400	Unicorn-16947.exe
3064	Unicorn-26620.exe
3064	Unicorn-26620.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2612	2940	WerFault.exe	27
340	2732	WerFault.exe	28
1476	2648	WerFault.exe	29
2508	2604	WerFault.exe	30
3000	2620	WerFault.exe	33
2052	1528	WerFault.exe	32
3044	2520	WerFault.exe	34
1620	2680	WerFault.exe	36
2668	3064	WerFault.exe	39
2640	2764	WerFault.exe	37
2820	3008	WerFault.exe	38
2556	1508	WerFault.exe	40
884	1260	WerFault.exe	43
1032	2400	WerFault.exe	44
1976	1396	WerFault.exe	48
1640	1388	WerFault.exe	49
3060	1988	WerFault.exe	46
1544	2248	WerFault.exe	45
2968	840	WerFault.exe	50
2592	668	WerFault.exe	47
2500	912	WerFault.exe	54
1768	2056	WerFault.exe	56
2512	1916	WerFault.exe	55
2772	1216	WerFault.exe	57
1828	2148	WerFault.exe	58
1344	1452	WerFault.exe	59
1268	2232	WerFault.exe	62
2316	2200	WerFault.exe	61
1668	1948	WerFault.exe	60
2332	1516	WerFault.exe	66
2840	1496	WerFault.exe	64
604	2804	WerFault.exe	65
3464	2472	WerFault.exe	72
3488	2728	WerFault.exe	74
3584	2196	WerFault.exe	81
3700	2304	WerFault.exe	85
3732	2256	WerFault.exe	88
3740	2264	WerFault.exe	87
3772	2420	WerFault.exe	91
3816	2068	WerFault.exe	80
3876	2460	WerFault.exe	75
3892	1720	WerFault.exe	76
3168	2912	WerFault.exe	78
3124	1884	WerFault.exe	79
3192	3216	WerFault.exe	188
3612	1304	WerFault.exe	94
4052	1872	WerFault.exe	86
3300	2408	WerFault.exe	90
3832	1848	WerFault.exe	113
3932	2492	WerFault.exe	109
3956	2120	WerFault.exe	114
3972	1888	WerFault.exe	119
3960	2564	WerFault.exe	108
4012	584	WerFault.exe	89
2572	1208	WerFault.exe	84
2700	1936	WerFault.exe	130
3244	948	WerFault.exe	95
2920	1804	WerFault.exe	126
3392	1616	WerFault.exe	127
3432	1944	WerFault.exe	121
3424	740	WerFault.exe	124
3560	2780	WerFault.exe	77
3624	880	WerFault.exe	128
3460	2320	WerFault.exe	115

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2940	df7a7939e0f9cb734f44ba7683aca9e0_NeikiAnalytics.exe
2732	Unicorn-20164.exe
2648	Unicorn-942.exe
2604	Unicorn-37376.exe
2620	Unicorn-17253.exe
1528	Unicorn-13168.exe
2520	Unicorn-50672.exe
2680	Unicorn-34788.exe
2764	Unicorn-19006.exe
3008	Unicorn-6754.exe
1508	Unicorn-30704.exe
3064	Unicorn-26620.exe
1260	Unicorn-25115.exe
2400	Unicorn-16947.exe
2248	Unicorn-62618.exe
1988	Unicorn-17501.exe
1396	Unicorn-41451.exe
1388	Unicorn-9333.exe
840	Unicorn-29199.exe
668	Unicorn-37367.exe
912	Unicorn-4860.exe
1916	Unicorn-1523.exe
2056	Unicorn-45893.exe
1216	Unicorn-29919.exe
2148	Unicorn-25281.exe
1452	Unicorn-29365.exe
1948	Unicorn-9499.exe
2200	Unicorn-21197.exe
2232	Unicorn-41617.exe
1496	Unicorn-17667.exe
1516	Unicorn-37895.exe
1416	Unicorn-33449.exe
2804	Unicorn-37533.exe
2472	Unicorn-2167.exe
2728	Unicorn-14782.exe
2460	Unicorn-34648.exe
1720	Unicorn-50984.exe
2780	Unicorn-59344.exe
2912	Unicorn-59899.exe
1884	Unicorn-26288.exe
2068	Unicorn-47455.exe
2196	Unicorn-59152.exe
1456	Unicorn-63791.exe
2348	Unicorn-5867.exe
1208	Unicorn-55623.exe
2304	Unicorn-30180.exe
1872	Unicorn-46516.exe
2256	Unicorn-38348.exe
2420	Unicorn-42432.exe
2264	Unicorn-38348.exe
584	Unicorn-22566.exe
2408	Unicorn-43178.exe
1304	Unicorn-49074.exe
948	Unicorn-3402.exe
2100	Unicorn-52966.exe
1900	Unicorn-35883.exe
1928	Unicorn-52411.exe
1168	Unicorn-20293.exe
1520	Unicorn-44243.exe
1632	Unicorn-44798.exe
2948	Unicorn-31607.exe
2564	Unicorn-7102.exe
2492	Unicorn-56858.exe
2904	Unicorn-27523.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 2732	2940	df7a7939e0f9cb734f44ba7683aca9e0_NeikiAnalytics.exe	28
PID 2940 wrote to memory of 2732	2940	df7a7939e0f9cb734f44ba7683aca9e0_NeikiAnalytics.exe	28
PID 2940 wrote to memory of 2732	2940	df7a7939e0f9cb734f44ba7683aca9e0_NeikiAnalytics.exe	28
PID 2940 wrote to memory of 2732	2940	df7a7939e0f9cb734f44ba7683aca9e0_NeikiAnalytics.exe	28
PID 2732 wrote to memory of 2648	2732	Unicorn-20164.exe	29
PID 2732 wrote to memory of 2648	2732	Unicorn-20164.exe	29
PID 2732 wrote to memory of 2648	2732	Unicorn-20164.exe	29
PID 2732 wrote to memory of 2648	2732	Unicorn-20164.exe	29
PID 2940 wrote to memory of 2604	2940	df7a7939e0f9cb734f44ba7683aca9e0_NeikiAnalytics.exe	30
PID 2940 wrote to memory of 2604	2940	df7a7939e0f9cb734f44ba7683aca9e0_NeikiAnalytics.exe	30
PID 2940 wrote to memory of 2604	2940	df7a7939e0f9cb734f44ba7683aca9e0_NeikiAnalytics.exe	30
PID 2940 wrote to memory of 2604	2940	df7a7939e0f9cb734f44ba7683aca9e0_NeikiAnalytics.exe	30
PID 2940 wrote to memory of 2612	2940	df7a7939e0f9cb734f44ba7683aca9e0_NeikiAnalytics.exe	31
PID 2940 wrote to memory of 2612	2940	df7a7939e0f9cb734f44ba7683aca9e0_NeikiAnalytics.exe	31
PID 2940 wrote to memory of 2612	2940	df7a7939e0f9cb734f44ba7683aca9e0_NeikiAnalytics.exe	31
PID 2940 wrote to memory of 2612	2940	df7a7939e0f9cb734f44ba7683aca9e0_NeikiAnalytics.exe	31
PID 2604 wrote to memory of 2620	2604	Unicorn-37376.exe	33
PID 2604 wrote to memory of 2620	2604	Unicorn-37376.exe	33
PID 2604 wrote to memory of 2620	2604	Unicorn-37376.exe	33
PID 2604 wrote to memory of 2620	2604	Unicorn-37376.exe	33
PID 2648 wrote to memory of 1528	2648	Unicorn-942.exe	32
PID 2648 wrote to memory of 1528	2648	Unicorn-942.exe	32
PID 2648 wrote to memory of 1528	2648	Unicorn-942.exe	32
PID 2648 wrote to memory of 1528	2648	Unicorn-942.exe	32
PID 2732 wrote to memory of 2520	2732	Unicorn-20164.exe	34
PID 2732 wrote to memory of 2520	2732	Unicorn-20164.exe	34
PID 2732 wrote to memory of 2520	2732	Unicorn-20164.exe	34
PID 2732 wrote to memory of 2520	2732	Unicorn-20164.exe	34
PID 2732 wrote to memory of 340	2732	Unicorn-20164.exe	35
PID 2732 wrote to memory of 340	2732	Unicorn-20164.exe	35
PID 2732 wrote to memory of 340	2732	Unicorn-20164.exe	35
PID 2732 wrote to memory of 340	2732	Unicorn-20164.exe	35
PID 2620 wrote to memory of 2680	2620	Unicorn-17253.exe	36
PID 2620 wrote to memory of 2680	2620	Unicorn-17253.exe	36
PID 2620 wrote to memory of 2680	2620	Unicorn-17253.exe	36
PID 2620 wrote to memory of 2680	2620	Unicorn-17253.exe	36
PID 2604 wrote to memory of 2764	2604	Unicorn-37376.exe	37
PID 2604 wrote to memory of 2764	2604	Unicorn-37376.exe	37
PID 2604 wrote to memory of 2764	2604	Unicorn-37376.exe	37
PID 2604 wrote to memory of 2764	2604	Unicorn-37376.exe	37
PID 2648 wrote to memory of 3008	2648	Unicorn-942.exe	38
PID 2648 wrote to memory of 3008	2648	Unicorn-942.exe	38
PID 2648 wrote to memory of 3008	2648	Unicorn-942.exe	38
PID 2648 wrote to memory of 3008	2648	Unicorn-942.exe	38
PID 1528 wrote to memory of 3064	1528	Unicorn-13168.exe	39
PID 1528 wrote to memory of 3064	1528	Unicorn-13168.exe	39
PID 1528 wrote to memory of 3064	1528	Unicorn-13168.exe	39
PID 1528 wrote to memory of 3064	1528	Unicorn-13168.exe	39
PID 2520 wrote to memory of 1508	2520	Unicorn-50672.exe	40
PID 2520 wrote to memory of 1508	2520	Unicorn-50672.exe	40
PID 2520 wrote to memory of 1508	2520	Unicorn-50672.exe	40
PID 2520 wrote to memory of 1508	2520	Unicorn-50672.exe	40
PID 2648 wrote to memory of 1476	2648	Unicorn-942.exe	41
PID 2648 wrote to memory of 1476	2648	Unicorn-942.exe	41
PID 2648 wrote to memory of 1476	2648	Unicorn-942.exe	41
PID 2648 wrote to memory of 1476	2648	Unicorn-942.exe	41
PID 2604 wrote to memory of 2508	2604	Unicorn-37376.exe	42
PID 2604 wrote to memory of 2508	2604	Unicorn-37376.exe	42
PID 2604 wrote to memory of 2508	2604	Unicorn-37376.exe	42
PID 2604 wrote to memory of 2508	2604	Unicorn-37376.exe	42
PID 2680 wrote to memory of 1260	2680	Unicorn-34788.exe	43
PID 2680 wrote to memory of 1260	2680	Unicorn-34788.exe	43
PID 2680 wrote to memory of 1260	2680	Unicorn-34788.exe	43
PID 2680 wrote to memory of 1260	2680	Unicorn-34788.exe	43

C:\Users\Admin\AppData\Local\Temp\df7a7939e0f9cb734f44ba7683aca9e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\df7a7939e0f9cb734f44ba7683aca9e0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2940
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20164.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20164.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-942.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-942.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13168.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26620.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16947.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45893.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34648.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52411.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9152.exe
        10⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42567.exe
        11⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21286.exe
        12⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32778.exe
        13⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
        14⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41609.exe
        15⤵
        
        PID:12888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11120 -s 216
        15⤵
        
        PID:12324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 216
        14⤵
        
        PID:11908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 220
        13⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
        12⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 236
        11⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3433.exe
        10⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1825.exe
        11⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24610.exe
        12⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59924.exe
        13⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19191.exe
        14⤵
        
        PID:13148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10944 -s 236
        14⤵
        
        PID:8988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 220
        13⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 220
        12⤵
        
        PID:8832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
        11⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
        10⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46656.exe
        9⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60055.exe
        10⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1633.exe
        11⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21486.exe
        12⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16453.exe
        13⤵
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18148.exe
        14⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11072 -s 216
        14⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 216
        13⤵
        
        PID:12268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 216
        12⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
        11⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 236
        10⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
        9⤵
        Program crash
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20293.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36589.exe
        9⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27383.exe
        10⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55110.exe
        11⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53198.exe
        12⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57101.exe
        13⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13762.exe
        14⤵
        
        PID:6540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10728 -s 216
        14⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 216
        13⤵
        
        PID:11548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 220
        12⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 236
        11⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
        10⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36297.exe
        9⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58343.exe
        10⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24719.exe
        11⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2088.exe
        12⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30509.exe
        13⤵
        
        PID:13136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11196 -s 216
        13⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 236
        12⤵
        
        PID:11968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
        11⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
        10⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 240
        9⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 220
        8⤵
        Program crash
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14782.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35883.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
        9⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
        10⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36532.exe
        11⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3255.exe
        12⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        13⤵
        
        PID:11000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25382.exe
        14⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11000 -s 216
        14⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 216
        13⤵
        
        PID:11676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
        12⤵
        
        PID:8508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
        11⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 236
        10⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55099.exe
        9⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21540.exe
        10⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3063.exe
        11⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        12⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41334.exe
        13⤵
        
        PID:13284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11024 -s 216
        13⤵
        
        PID:12592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 236
        12⤵
        
        PID:11684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 216
        11⤵
        
        PID:2364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 236
        10⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 240
        9⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53864.exe
        8⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5343.exe
        9⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46236.exe
        10⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45056.exe
        11⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42929.exe
        12⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4660.exe
        13⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11148 -s 216
        13⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7768 -s 216
        12⤵
        
        PID:11948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
        11⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
        10⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 236
        9⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
        8⤵
        Program crash
        
        PID:3488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
        7⤵
        Program crash
        
        PID:1032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29919.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50984.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44243.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17321.exe
        9⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15177.exe
        10⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52920.exe
        11⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43380.exe
        12⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25903.exe
        13⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59279.exe
        14⤵
        
        PID:8980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9196 -s 216
        13⤵
        
        PID:12584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 220
        12⤵
        
        PID:10144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 236
        11⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 216
        10⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 236
        9⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1539.exe
        8⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10662.exe
        9⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37923.exe
        10⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60406.exe
        11⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15108.exe
        12⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39144.exe
        13⤵
        
        PID:12372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10832 -s 216
        13⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 216
        12⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
        11⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
        10⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 236
        9⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
        8⤵
        Program crash
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44798.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
        8⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38483.exe
        9⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42391.exe
        10⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4682.exe
        11⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
        12⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12745.exe
        13⤵
        
        PID:920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10892 -s 216
        13⤵
        
        PID:12744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 236
        12⤵
        
        PID:11380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 236
        11⤵
        
        PID:8360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
        10⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 216
        9⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40381.exe
        8⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10185.exe
        9⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45030.exe
        10⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65269.exe
        11⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17847.exe
        12⤵
        
        PID:12780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10544 -s 220
        12⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 216
        11⤵
        
        PID:11596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 216
        10⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
        9⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
        8⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 240
        7⤵
        Program crash
        
        PID:2772
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
        6⤵
        Program crash
        
        PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17501.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21197.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5867.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11269.exe
        8⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25489.exe
        9⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14601.exe
        10⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35349.exe
        11⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8356.exe
        12⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16500.exe
        13⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24666.exe
        14⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11228 -s 220
        14⤵
        
        PID:13680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8544 -s 236
        13⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 216
        12⤵
        
        PID:9600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 216
        11⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 216
        10⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 236
        9⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62992.exe
        8⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65421.exe
        9⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29135.exe
        10⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34771.exe
        11⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28311.exe
        12⤵
        
        PID:12292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 236
        12⤵
        
        PID:13176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 236
        11⤵
        
        PID:10804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 216
        10⤵
        
        PID:8184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 236
        9⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
        8⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61025.exe
        7⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
        8⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
        9⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56537.exe
        10⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14407.exe
        11⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41855.exe
        12⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62465.exe
        13⤵
        
        PID:12340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11008 -s 216
        13⤵
        
        PID:14152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8964 -s 236
        12⤵
        
        PID:12488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
        11⤵
        
        PID:9952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
        10⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 216
        9⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 216
        8⤵
        Program crash
        
        PID:3972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
        7⤵
        Program crash
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55623.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12338.exe
        7⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1176.exe
        8⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
        8⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16880.exe
        9⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27075.exe
        10⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27470.exe
        11⤵
        
        PID:10924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32974.exe
        12⤵
        
        PID:12344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10924 -s 216
        12⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 236
        11⤵
        
        PID:11536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
        10⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
        9⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 240
        8⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9899.exe
        7⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64269.exe
        8⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36836.exe
        9⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48123.exe
        10⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59042.exe
        11⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25040.exe
        12⤵
        
        PID:14092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8772 -s 216
        11⤵
        
        PID:12848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 216
        10⤵
        
        PID:10308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
        9⤵
        
        PID:8056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 216
        8⤵
        
        PID:6036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 240
        7⤵
        Program crash
        
        PID:2572
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 240
        6⤵
        Program crash
        
        PID:3060
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6754.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41451.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25281.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59344.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7102.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
        9⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56594.exe
        10⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22713.exe
        11⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38445.exe
        12⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52742.exe
        13⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62605.exe
        14⤵
        
        PID:12600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11044 -s 236
        14⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8628 -s 236
        13⤵
        
        PID:11780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
        12⤵
        
        PID:9648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 216
        11⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 236
        10⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 236
        9⤵
        Program crash
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42571.exe
        8⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        9⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61916.exe
        10⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48507.exe
        11⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7293.exe
        12⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32824.exe
        13⤵
        
        PID:14172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8672 -s 216
        12⤵
        
        PID:12868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 216
        11⤵
        
        PID:9968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 216
        10⤵
        
        PID:8012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 216
        9⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
        8⤵
        Program crash
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56858.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16169.exe
        8⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20606.exe
        9⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6760.exe
        10⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5772.exe
        11⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43260.exe
        12⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48179.exe
        13⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 216
        12⤵
        
        PID:12608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 216
        11⤵
        
        PID:9688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
        10⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 236
        9⤵
        
        PID:6088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 216
        8⤵
        Program crash
        
        PID:3932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
        7⤵
        Program crash
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59899.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31607.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
        8⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54819.exe
        9⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10486.exe
        10⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe
        11⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28705.exe
        12⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        13⤵
        
        PID:13252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10980 -s 236
        13⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 216
        12⤵
        
        PID:12192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
        11⤵
        
        PID:9048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
        10⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 236
        9⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32213.exe
        8⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38582.exe
        9⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57474.exe
        10⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7708.exe
        11⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42543.exe
        12⤵
        
        PID:13132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10964 -s 216
        12⤵
        
        PID:9132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 220
        11⤵
        
        PID:11692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 220
        10⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
        9⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 240
        8⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33059.exe
        7⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22770.exe
        8⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62427.exe
        9⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28803.exe
        10⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32597.exe
        11⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1811.exe
        12⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11108 -s 220
        12⤵
        
        PID:952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 216
        11⤵
        
        PID:12276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
        10⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
        9⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 216
        8⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
        7⤵
        Program crash
        
        PID:3168
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 240
        6⤵
        Program crash
        
        PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9499.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40050.exe
        7⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
        8⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30507.exe
        9⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55603.exe
        10⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe
        11⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12176.exe
        12⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55672.exe
        13⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11208 -s 216
        13⤵
        
        PID:8220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8000 -s 216
        12⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 216
        11⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
        10⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 236
        9⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23085.exe
        8⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37923.exe
        9⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45860.exe
        10⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
        11⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24090.exe
        12⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11188 -s 216
        12⤵
        
        PID:13788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8572 -s 216
        11⤵
        
        PID:12360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 216
        10⤵
        
        PID:9736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
        9⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 240
        8⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16614.exe
        7⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
        8⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21587.exe
        9⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57775.exe
        10⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27361.exe
        11⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5428.exe
        12⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10420 -s 216
        12⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 216
        11⤵
        
        PID:12088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
        10⤵
        
        PID:8276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
        9⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 236
        8⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
        7⤵
        Program crash
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12016.exe
        6⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33657.exe
        7⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40066.exe
        8⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19096.exe
        9⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31320.exe
        10⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
        11⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64297.exe
        12⤵
        
        PID:13744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9148 -s 236
        11⤵
        
        PID:12724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 216
        10⤵
        
        PID:10100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
        9⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 216
        8⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 236
        7⤵
        Program crash
        
        PID:3432
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 240
        6⤵
        Program crash
        
        PID:1668
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
        5⤵
        Program crash
        
        PID:2820
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 220
      4⤵
      Loads dropped DLL
      Program crash
      PID:1476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50672.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50672.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30704.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29199.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33449.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38348.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2909.exe
        8⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33465.exe
        9⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47035.exe
        10⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27015.exe
        11⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27734.exe
        12⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6940.exe
        13⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25740.exe
        14⤵
        
        PID:13304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10916 -s 216
        14⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 216
        13⤵
        
        PID:12172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
        12⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
        11⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 236
        10⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55566.exe
        9⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
        10⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
        11⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64693.exe
        12⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9896.exe
        13⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11240 -s 216
        13⤵
        
        PID:7208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 236
        12⤵
        
        PID:12112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 216
        11⤵
        
        PID:9204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 236
        10⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 240
        9⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38103.exe
        8⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 240
        9⤵
        Program crash
        
        PID:3192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
        8⤵
        Program crash
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64917.exe
        7⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62437.exe
        8⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
        9⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64596.exe
        10⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45746.exe
        11⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60386.exe
        12⤵
        
        PID:11484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41376.exe
        13⤵
        
        PID:14116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9064 -s 216
        12⤵
        
        PID:12880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
        11⤵
        
        PID:10348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
        10⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 216
        9⤵
        
        PID:5696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
        8⤵
        Program crash
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22566.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2909.exe
        7⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33657.exe
        8⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6241.exe
        9⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54617.exe
        10⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        11⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4247.exe
        12⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24666.exe
        13⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26263.exe
        13⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10904 -s 212
        13⤵
        
        PID:14080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8512 -s 216
        12⤵
        
        PID:11892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
        11⤵
        
        PID:9588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
        10⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 236
        9⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 740 -s 236
        8⤵
        Program crash
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38295.exe
        7⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6900.exe
        8⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27599.exe
        9⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27319.exe
        10⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10033.exe
        11⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25040.exe
        12⤵
        
        PID:14100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8908 -s 216
        11⤵
        
        PID:12856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
        10⤵
        
        PID:8992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
        9⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 216
        8⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 220
        7⤵
        Program crash
        
        PID:4012
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 240
        6⤵
        Program crash
        
        PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17667.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38348.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25275.exe
        7⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42292.exe
        8⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27788.exe
        9⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22285.exe
        10⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-962.exe
        11⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37011.exe
        12⤵
        
        PID:13152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10760 -s 236
        12⤵
        
        PID:12368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 236
        11⤵
        
        PID:11160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 236
        10⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
        9⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 236
        8⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 216
        7⤵
        Program crash
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40412.exe
        6⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41825.exe
        7⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11669.exe
        8⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11228.exe
        9⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34444.exe
        10⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42322.exe
        11⤵
        
        PID:10884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59855.exe
        12⤵
        
        PID:13400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9052 -s 216
        11⤵
        
        PID:12628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
        10⤵
        
        PID:10000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        9⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
        8⤵
        
        PID:5532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 236
        7⤵
        Program crash
        
        PID:3392
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 220
        6⤵
        Program crash
        
        PID:2840
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 240
        5⤵
        Program crash
        
        PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9333.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29365.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26288.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27523.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48841.exe
        8⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17871.exe
        9⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37923.exe
        10⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24719.exe
        11⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19193.exe
        12⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5428.exe
        13⤵
        
        PID:13192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10720 -s 216
        13⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 216
        12⤵
        
        PID:12100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 216
        11⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
        10⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 236
        9⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56718.exe
        8⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7424.exe
        9⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14085.exe
        10⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4439.exe
        11⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53363.exe
        12⤵
        
        PID:12228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10440 -s 204
        12⤵
        
        PID:13628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 216
        11⤵
        
        PID:12252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 216
        10⤵
        
        PID:9448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
        9⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
        8⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45504.exe
        7⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26854.exe
        8⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15998.exe
        9⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-188.exe
        10⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17652.exe
        11⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28174.exe
        12⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11144 -s 216
        12⤵
        
        PID:13768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8584 -s 216
        11⤵
        
        PID:12384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
        10⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
        9⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 236
        8⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 240
        7⤵
        Program crash
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28269.exe
        6⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25681.exe
        7⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23045.exe
        8⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53447.exe
        9⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6597.exe
        10⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46873.exe
        11⤵
        
        PID:11696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59440.exe
        12⤵
        
        PID:14328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7696 -s 236
        11⤵
        
        PID:13028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
        10⤵
        
        PID:10324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
        9⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 236
        8⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
        7⤵
        
        PID:3620
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 240
        6⤵
        Program crash
        
        PID:1344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47455.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64471.exe
        6⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52925.exe
        7⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11669.exe
        8⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35733.exe
        9⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2155.exe
        10⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49338.exe
        11⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22907.exe
        12⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8996 -s 216
        11⤵
        
        PID:12568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
        10⤵
        
        PID:9944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
        9⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 216
        8⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 236
        7⤵
        Program crash
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49588.exe
        6⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
        7⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37814.exe
        8⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53582.exe
        9⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44849.exe
        10⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31744.exe
        11⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11164 -s 216
        11⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 216
        10⤵
        
        PID:11268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 220
        9⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 236
        8⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 236
        7⤵
        
        PID:5096
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 240
        6⤵
        Program crash
        
        PID:3816
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 240
        5⤵
        Program crash
        
        PID:1640
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:3044
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37376.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37376.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17253.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17253.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34788.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25115.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4860.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2167.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3402.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31737.exe
        9⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8467.exe
        10⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64077.exe
        11⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45279.exe
        12⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40723.exe
        13⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34429.exe
        14⤵
        
        PID:11612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        15⤵
        
        PID:14312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9164 -s 216
        14⤵
        
        PID:12968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 216
        13⤵
        
        PID:10316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 216
        12⤵
        
        PID:8160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
        11⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 236
        10⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50055.exe
        9⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15068.exe
        10⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35767.exe
        11⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56291.exe
        12⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11185.exe
        13⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25808.exe
        14⤵
        
        PID:14268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8824 -s 216
        13⤵
        
        PID:12944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 216
        12⤵
        
        PID:10332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
        11⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 236
        10⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 240
        9⤵
        Program crash
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32291.exe
        8⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22064.exe
        9⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56677.exe
        10⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41579.exe
        11⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
        12⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52431.exe
        13⤵
        
        PID:12348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10012 -s 216
        13⤵
        
        PID:13200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 236
        12⤵
        
        PID:10712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
        11⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 236
        10⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 236
        9⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
        8⤵
        Program crash
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49074.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20938.exe
        8⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4767.exe
        9⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14601.exe
        10⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10844.exe
        11⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
        12⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29904.exe
        13⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29326.exe
        14⤵
        
        PID:12864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10416 -s 216
        14⤵
        
        PID:13832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8664 -s 236
        13⤵
        
        PID:12404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
        12⤵
        
        PID:9660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
        11⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
        10⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        9⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55769.exe
        10⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50505.exe
        11⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62000.exe
        12⤵
        
        PID:11220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45387.exe
        13⤵
        
        PID:12308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11220 -s 204
        13⤵
        
        PID:13620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8728 -s 216
        12⤵
        
        PID:12140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
        11⤵
        
        PID:9728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 216
        10⤵
        
        PID:7316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 240
        9⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5130.exe
        8⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28006.exe
        9⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51877.exe
        10⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51164.exe
        11⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50298.exe
        12⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43602.exe
        13⤵
        
        PID:13444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9024 -s 216
        12⤵
        
        PID:12684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 216
        11⤵
        
        PID:9960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
        10⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 236
        9⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 240
        8⤵
        Program crash
        
        PID:3612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 240
        7⤵
        Program crash
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35586.exe
        6⤵
        Executes dropped EXE
        
        PID:2892
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 240
        6⤵
        Program crash
        
        PID:884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1523.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52966.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61285.exe
        7⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13511.exe
        8⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18316.exe
        8⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47710.exe
        9⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29270.exe
        10⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19852.exe
        11⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
        12⤵
        
        PID:13248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11128 -s 216
        12⤵
        
        PID:13476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8408 -s 236
        11⤵
        
        PID:11956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
        10⤵
        
        PID:9344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
        9⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 240
        8⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51015.exe
        7⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1119.exe
        8⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4215.exe
        9⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
        10⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
        11⤵
        
        PID:13060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11132 -s 216
        11⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 216
        10⤵
        
        PID:11916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 236
        9⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 236
        8⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
        7⤵
        
        PID:4516
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 236
        6⤵
        Program crash
        
        PID:2512
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
        5⤵
        Program crash
        
        PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62618.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41617.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59152.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2826.exe
        7⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13236.exe
        8⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1965.exe
        9⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15229.exe
        10⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8657.exe
        11⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
        11⤵
        
        PID:9324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 236
        10⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
        9⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 236
        8⤵
        Program crash
        
        PID:3460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 236
        7⤵
        Program crash
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        6⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53885.exe
        7⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59479.exe
        8⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46283.exe
        9⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20635.exe
        10⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57485.exe
        11⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26508.exe
        12⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11020 -s 216
        12⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 216
        11⤵
        
        PID:12260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
        10⤵
        
        PID:8624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        9⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 236
        8⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31445.exe
        7⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50175.exe
        8⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24719.exe
        9⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31445.exe
        10⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63072.exe
        11⤵
        
        PID:13260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10456 -s 216
        11⤵
        
        PID:8880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 216
        10⤵
        
        PID:12084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
        9⤵
        
        PID:8720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 236
        8⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
        7⤵
        
        PID:4116
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
        6⤵
        Program crash
        
        PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10994.exe
        6⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20253.exe
        7⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60294.exe
        8⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31156.exe
        9⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31512.exe
        10⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
        11⤵
        
        PID:11012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20826.exe
        12⤵
        
        PID:13652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9108 -s 216
        11⤵
        
        PID:12716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 216
        10⤵
        
        PID:10080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 236
        9⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 216
        8⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 236
        7⤵
        Program crash
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38487.exe
        6⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18494.exe
        7⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63937.exe
        8⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9664.exe
        9⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59566.exe
        10⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20421.exe
        11⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10968 -s 216
        11⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 216
        10⤵
        
        PID:11600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 220
        9⤵
        
        PID:9752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 220
        8⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 236
        7⤵
        
        PID:6116
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
        5⤵
        Program crash
        
        PID:1544
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:3000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19006.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19006.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37533.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42432.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60278.exe
        7⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49993.exe
        8⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
        9⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27840.exe
        10⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10515.exe
        11⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51066.exe
        12⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29269.exe
        13⤵
        
        PID:13956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8296 -s 216
        12⤵
        
        PID:12808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 216
        11⤵
        
        PID:10220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 236
        10⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 216
        9⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 236
        8⤵
        Program crash
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34211.exe
        7⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58903.exe
        8⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36671.exe
        9⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55440.exe
        10⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54491.exe
        11⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44209.exe
        12⤵
        
        PID:13168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11260 -s 216
        12⤵
        
        PID:13928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8936 -s 216
        11⤵
        
        PID:12560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
        10⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 236
        9⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 216
        8⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
        7⤵
        Program crash
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64917.exe
        6⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50185.exe
        7⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49531.exe
        8⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31460.exe
        9⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3541.exe
        10⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21381.exe
        11⤵
        
        PID:5644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11092 -s 216
        11⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 216
        10⤵
        
        PID:11884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
        9⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 216
        8⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 236
        7⤵
        
        PID:3780
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
        6⤵
        Program crash
        
        PID:604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43178.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6993.exe
        6⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29765.exe
        7⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52126.exe
        8⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57497.exe
        9⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45746.exe
        10⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11185.exe
        11⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        12⤵
        
        PID:14236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9068 -s 236
        11⤵
        
        PID:12952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 216
        10⤵
        
        PID:10300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
        9⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 216
        8⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 236
        7⤵
        Program crash
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1731.exe
        6⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43766.exe
        7⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7803.exe
        8⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2347.exe
        9⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63702.exe
        10⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28117.exe
        11⤵
        
        PID:13868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8384 -s 216
        10⤵
        
        PID:12764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 216
        9⤵
        
        PID:10228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
        8⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 236
        7⤵
        
        PID:5200
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
        6⤵
        Program crash
        
        PID:3300
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 240
        5⤵
        Program crash
        
        PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37895.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46516.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31882.exe
        6⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17321.exe
        7⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11176.exe
        8⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33136.exe
        9⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
        10⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46982.exe
        11⤵
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53965.exe
        12⤵
        
        PID:13992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8636 -s 216
        11⤵
        
        PID:12800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 216
        10⤵
        
        PID:9788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
        9⤵
        
        PID:7988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 236
        8⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 236
        7⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21767.exe
        6⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19454.exe
        7⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31156.exe
        8⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64376.exe
        9⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29686.exe
        10⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14629.exe
        11⤵
        
        PID:13488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9120 -s 236
        10⤵
        
        PID:12692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 216
        9⤵
        
        PID:10088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
        8⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 236
        7⤵
        
        PID:5968
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 240
        6⤵
        Program crash
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32436.exe
        5⤵
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45717.exe
        6⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
        7⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2318.exe
        8⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27734.exe
        9⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28321.exe
        10⤵
        
        PID:11256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17847.exe
        11⤵
        
        PID:12904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11256 -s 220
        11⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 216
        10⤵
        
        PID:11396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
        9⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
        8⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 236
        7⤵
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59650.exe
        6⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39267.exe
        7⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61750.exe
        8⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57101.exe
        9⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42543.exe
        10⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10824 -s 216
        10⤵
        
        PID:8428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 216
        9⤵
        
        PID:11528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
        8⤵
        
        PID:9268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
        7⤵
        
        PID:6496
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 240
        6⤵
        
        PID:4904
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
        5⤵
        Program crash
        
        PID:2332
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
      4⤵
      Program crash
      PID:2640
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2508
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
  2⤵
  - Program crash
  PID:2612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14407.exe

Filesize
184KB

MD5
068f8c0acba297e8b7a3b160b6c170b0

SHA1
6b9c4aedf4d1e3787549a827b28ec7b694a48c56

SHA256
be59049f2e2df25d21178bbc2ee2a53f75750c77dfe4b5be379b949b9608c6b5

SHA512
efc5bcca6eb82ff114be55d424193ee91674696d71928f8542573fdf792d96c8c3413281a2d43da9bc25371968fb01ed1a85def0b16c6e115da068b9ecbae0a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1965.exe

Filesize
184KB

MD5
87a291350208be7a5a3b9fd901e4caae

SHA1
9b4cfdf18a0a89feea47b150536fbc09961c463f

SHA256
2147875a357c347fd988fc05331b308f65df17d60d779e5e13ad1fa329d097ae

SHA512
bd9abbe4f84bde36433a4645352c35ad436e27a18cde899bdff116916cfd2d9fe1c5a53821522d6c1ce3d660d817ceca92b9579c13a21845c5ba00949d9ef8d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20826.exe

Filesize
184KB

MD5
27b5bf5950fb962f49017105f31d68bb

SHA1
7ed144590a7705b99804645ac039a56bff6dceda

SHA256
06600fade82e1d7cd90822dd9f1cad243fb47688e77bf725acba353c8f76196b

SHA512
033581d391589aa0e2ba047f0970f9c2129db7141cf0a9b84f31310b33a51776720fc04b0e5fc5153865a6f733b4c0e86d120bf37eab9c21c583f3a697ac4906

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2318.exe

Filesize
184KB

MD5
4d99aa8dd769123851eca681c9be3c4e

SHA1
fa50f298b8c519f27c944c4cd1d13e69712c03d4

SHA256
7581597aca228788bdbb0d32a902c3700f8c60f9ca8c55fdbb11224300f061cb

SHA512
092ab9633098695806bbf19f47de42120951f334d2bb0ce72f8d1a3f8c82dfdd2c9fcd7f3cdddcaebcb9b280671319b1eef0605f4bb2ac1c50999592eb35ae4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2347.exe

Filesize
184KB

MD5
b1d667436f7469df76579126a48baa79

SHA1
e99e354dd2373d379cd5cbcf82b46dfad11d4d61

SHA256
8140de45b6aacb1dfc858c74daaaabad2e94c118d3bf1d61cd16d55405dda9b7

SHA512
0c2017a290401c3fb1aa1ec6d4e7d65e316f2597433bccf254e5bb73dfb6c918a064b815f5401205c804650fae037d0f942129e2e64046435cbe10bcbbc7e5cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe

Filesize
184KB

MD5
f23f214760198eca36dc12fafbd93cc7

SHA1
9468ed8a5dabe0d88ad75b34cdcd8b66125d2624

SHA256
e5cce8a0cbdd28d1d8f798d0be9f8fedf86138cd7bb0ced37cd41e3dba7d329a

SHA512
1c762a0d39a4b06ef939e2e3e99083f2de849166bc030dcdd0f666e5d4c6c0ab5be27e82d89fb5022f3b9dd5b5a75527d4b6fd3a74c84c15f7c00cea963d4f2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe

Filesize
184KB

MD5
35d9086f69a31b80f4dba8cf099be2b8

SHA1
3f1e9a78fdf0b7f46a63b060c62696b6b02d2620

SHA256
2dc96574e8b3fded1d2cc906848cf438232d3f123ee8cadde9ff78e1c16d7f8f

SHA512
42eec01f3e5cfc0e749d4373458fa1dbfa6ab73d9175056b535dd1b2b52635c2710201e01b046fa76a8d1c7b903280afd8b98f3fa1f2aeda6a138ef9a0929e0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26620.exe

Filesize
184KB

MD5
8f577f0ac863e5fa71e2dcfa1650ee1a

SHA1
2b4db3d999895460a2a3ed206320529766389892

SHA256
90a582c5ae7896e97368a699d8101d970595a3393ed1d37d0d3f45ee273422f5

SHA512
3faaadd41d8797e191b9c2a8bd8c541362a0bb413b2a20fa76bfaf68781a08673bc000fe86fbb061b6ac4934f7e675aac43b94ae7acd2acb4222f7be661f2ac6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe

Filesize
184KB

MD5
6ce8bb07158c536992b9d9a4c83c8111

SHA1
d0225044a745f33d95d9973df05ea588bd625cb5

SHA256
fd02ebf6e85c8f8e5c7db2eef26b76fbad5e2eafa06621b3024691cd2a527377

SHA512
6aa38885ff3d4f0666abb6438cdabd37f1c0138ba54c0aa265348f5a5a6f00407f30efbfd008c3ec9e8042d6f70586797820ff7daa7d5f2b90caadfe65be7978

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30704.exe

Filesize
184KB

MD5
92c05afb0287c4bd8554af0f3d2de17b

SHA1
d85b7440a15a8f63c2c7d4ec1d890589eb7f8b34

SHA256
2223c1c689318787e9cac4a8dd6095721a143489009cdd980ccff9c4f4d2db19

SHA512
3bd903eee318d58e5583830c87ec4c5b9bd7a9b16ca8fbcd3c03453c54e5fe5ca4458cf31d34eda927a25de7b6791acc992e01f0e603f85b5b64b425b8e0a7c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36671.exe

Filesize
184KB

MD5
0de511eb5e1440af54c8585bf37e912f

SHA1
3f2f5777e7705739b737c82dfd66e199c070d543

SHA256
f35d19931e42271b318c0f7d3e5315abbc9fe6b74f60a681ae3111d096eec1a6

SHA512
c8e3aaed471ee0363848add9677d6462c3b9e0d8f4fa8d3378ff3ec7f7ff056747df33c33b4c2de0b69666df42ceb886167543b93acb322dda3865d6fc66ff48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43602.exe

Filesize
184KB

MD5
8afec2c75492d1a5ed3924a18c54f760

SHA1
01cf4c07fad64063b4b6bb14bfcb539a8b66f560

SHA256
fe93429e776550b641d09aba7ca7642ac7e68528b394e438c2d18ae131ccafcb

SHA512
c9339f06bc51756f40227104876389f16ae1e4012e31e2e1d87436bb69462aea0cee2ae0b6fc92ebab4946e547d99bf04636f3f1bc6d1c2f9747f0a185c5e48d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50672.exe

Filesize
184KB

MD5
75cafbceee8d29e9b44494dcc264d4c0

SHA1
d80452cbcbac953cf67b7f1211c1a21f7ac340ec

SHA256
a40b3e97cbbffcd7566db8caad7b8a93e04c6ce92cd5603cc6868539a75c71d3

SHA512
cae0df3b2e28e3972468fb6ded90957b60c241988393bad5efc1b63974ce8b5b67118943412ca0ed01434a16a1515b40132b3c45a9440f7615c9e4688e38e64e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5867.exe

Filesize
184KB

MD5
feb81f98173d9b1107f405e5ad7a41c4

SHA1
cfc540539ec3a7be63f0682855c7296d6a953d33

SHA256
eb1a4d1c7d7c3019bb83fa0a9054ec6dd71a2c2c50aeba759cdd3dd3fc13bc68

SHA512
36108523fb55b687301f38ff29483409a30263fd062888d3ac4dd39030515a2bb49d9bc54957994838c2818422d3ef96b56b38b1afae31d41f9d0109a28ce977

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59042.exe

Filesize
184KB

MD5
3bd1a0e8a76d68a53f35fc5217808631

SHA1
dd4496f011a2cf1ebb1eaac08f75402bf9a1b8f0

SHA256
fa9dd7d1631df473a79fcd6dfc23795b25ac4dfd981e2373917b3f922dd888f1

SHA512
67d25b549c373595fbd0658613fef6258128428565e7d282f9903918bf8be41e3af1c9dc8de7bcacf9499f00fd8b12e72680e58fe47b94570fd8ea3ace097d5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62618.exe

Filesize
184KB

MD5
d9f60a6ee171f16aca408d2a982264af

SHA1
59a91dbeaa0fdffb603d0f241108c65eecf07613

SHA256
97e433ccba5690d9ceb78709e7b358fd1391c3a9b5cd0c5e800ddabd969dabbc

SHA512
67cec2d6a8f2b00446f1a1e934a85a523b9f2b6593672887ea240d5c77ca50c255a3fc9f44255dcc4148549b977d6dab9644e404dcf8856ff6ccedf26bbf6659

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9664.exe

Filesize
184KB

MD5
b5a3175a5203f536ecbf9b20828c1930

SHA1
df80ce3476b7f9ad9fbf6fb8ec49d5d3efdd205e

SHA256
6a4d03c09884eba72052d4b81d3e4e84517ce4f36f7637eb0922bd9ce34c1429

SHA512
0f3fb15717248213ac9441bdcbab59f4d33feec31844319b6766467576b6efc3fa0202f7099bf5c44761607c285747b09a8a16af814cac90e528698b7714fe26

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13168.exe

Filesize
184KB

MD5
1f2d2c8d21c817327a252b8e214c87d9

SHA1
b71a624baefc1d2fe8ad115fd0f1b43bac647da2

SHA256
a15048c9472753c798922f5b2965850ef206ceed9f3e5aaa4470ca0a9c8d3cb6

SHA512
6eb630d56a838b66258a885c9107e80be9ead61314e8d5afe2405ab6089e29e1d81d1de463a33c579c026cec50085a36cc722cb9a36f38827d548c7a48f2785b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16947.exe

Filesize
184KB

MD5
5092f426d7f08f1795ceed3f6e3cedbd

SHA1
b493a3aad23c66bd6ec6c3b9772f2a8be465cd40

SHA256
29eccf478ae2d131d0509658936b96ae0d9d86faf300a1d158d6785255e248f2

SHA512
599ff71282e7a3fba8ede783140ebce0da7ed7654ce3ac7384c12d6d462757caa79e4eb9317e5b30ebaa4689dd9c24c79170c6d11d332ed2316204f0e08e7c28

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17253.exe

Filesize
184KB

MD5
b517c62678e26f1908dc85bfe0b5c1f9

SHA1
769058aaba2fecbe201c4ea759096f2e6b7c2518

SHA256
f46dd7d9a179d015199179603635000f16305b6fa87fee083e8801a0338bc264

SHA512
9b4dae88a6ad7f44c52c5b2c945ad3bffd159fe0a527760e7e1eb7cbf48479bd46d6f19bc053210b5d1441802076075b45fefd6be27ce89ee207840aecdf9e54

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17501.exe

Filesize
184KB

MD5
254fe4964392931ed96b0f35f13476c4

SHA1
783a766f341fce56dee31f3bbf5e95958a315a65

SHA256
63426a421aaedab3965ef24b5ab64e503d1ae0e1768c29077fb27f0e541e367b

SHA512
49e5fd75b56717faa06ca2873fd2a23e02f4682277de96be09152cc905259083ded63e580c96475bcaf293278748200aeaf6f373d5c8ac3ed0526d889b50901c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19006.exe

Filesize
184KB

MD5
b4d619b45acf9a8b02d381dd51bb0c34

SHA1
436dcfc0560837648e8b4981afd40a7648bc03bb

SHA256
5d8bc3f3aa415d10cf452939ede306e51e6351623ae0673560d93c79603f8973

SHA512
8930be2cb56ea93bfed2b6b0a750d1c0437dc0717581fd92cbfd2efc2527821bc44392b709cf8b6d955cac7a822128772fc39cd0691c0bd781f09376cbc53fbd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20164.exe

Filesize
184KB

MD5
a021c7de8047b7e5529333553dd5640f

SHA1
79ca9a72c1d3463f5a7ec26c3b2c5b313224e52a

SHA256
4e56294ead6bd670d175c51c969fc88e03bbafef3be64b2279e7e5eb80dabfd9

SHA512
025669c4cf879bdbfd9977538df63b6c3d88effe1d5475be80162a9c90e2d358aafae91827455555c55ba10ef5d0cabc023357dc69328b7ae5bd59fc14cf0729

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25115.exe

Filesize
184KB

MD5
2303daf6905beeda87aa98ccbaf153a0

SHA1
1ee69352e9711a17eff041c530060895b5f8c3ce

SHA256
03d542e7086c279059d595609a16396b2d8900c7a9c195123065fbd9a1a18227

SHA512
d2af52d50b39a6e66476010c340c1e5cd7ec8f09994730c9b10e74ba3d57cb1955f11f056a691e70e3988708d0bb923c44b80e9628531d53d09afae3edf9c0a9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34788.exe

Filesize
184KB

MD5
f79f8cfbc0bfdd4b8c09f2d74a9341dd

SHA1
17b6972961c5ce5058a4a715c69f7407a2bc7e34

SHA256
4749dc940a09c9f97589a032c9a136fa040e8457869569c477eacb92c885ae75

SHA512
130d0c14fdf6ff4764f6e5cdf66f9613251ae757175544d59d9a52ea2bea80d58f8da7a1dc32c470844b763f006aa29b87136e69f61ac54de9d87b4359c7d0a5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37376.exe

Filesize
184KB

MD5
cf27b2205dee80cb6078741533caf3cd

SHA1
c9f7bb34c7cfd841d4dc9b3c2553d9c0b6b4ff5d

SHA256
bdb5aadf0fa86902e721a4c8744f8e527df42b438028c92ebf39bd3deb772da7

SHA512
c9327ce7f8509cbe1529688c2e2afee1b454a3079a4dbed6a606ff3d0af06ff18f43b9d5ca5de59179d0bae1d6d16ef0130a94f3c0f913bd40b10dc4e20a0a47

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6754.exe

Filesize
184KB

MD5
21d7c35efeac974836c7c0e7bc46c314

SHA1
60d9ff824fc989a05a46d024a1fe379c61dbd816

SHA256
7fe4bda695562ef9abbc046061b97c86ee13a9b1742fdac258a5d33b1e1a3b31

SHA512
900360e59db2083c1cdd5a351ef30fb6b63ef8723d2f5893cfc35d7a2953e91ffa58845b4c0b418c71b14ae70957c1d64982fd6c68d71233cd852ad9bae1b907

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-942.exe

Filesize
184KB

MD5
f7d575528cf16fc932b8498ce317126b

SHA1
4150833f7d3aa7ca962dc782a468c5eaaf0de5b7

SHA256
90fc038a4c6110f4067fdec12b6876c1e39072000810064b5657f640cd7356e6

SHA512
289078628f9180389f3730030e6e4c39063e494988eb3f5fdb9c5a7a1565eecf0288012ac2ddc0b5f58756818fa0f69cd335d93abe7b15321c3ef6dcb320a718

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads