5932460962f871c71575035df0d997a26d801ae0e3b08431f85aaa91bc4ea4a9

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 19:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

68d35e586e7f38cd9a043c14a36cc8c0_NeikiAnalytics.exe
Size

184KB
MD5

68d35e586e7f38cd9a043c14a36cc8c0
SHA1

8c002b8e6b9714053f44cfa1f47339ca7b6f1f00
SHA256

5932460962f871c71575035df0d997a26d801ae0e3b08431f85aaa91bc4ea4a9
SHA512

812289ec503bbab33736f50d991881925eca582ba22fb2cf7282631937e69f54cedddf4d5f41f620cba3f333cfec4d844c80607177c91fcb5dc8edec9319c37c
SSDEEP

1536:xBk8EjZ5pW+8o5u1IR7AlOw469yYAc8DmdAjw2R2VkgtC4l5hj5nizpvg:TQZW+8o0iR73JEtnqw2R9OC4lnViFY

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2040	Unicorn-5006.exe
2688	Unicorn-31732.exe
2576	Unicorn-24118.exe
2608	Unicorn-52295.exe
2484	Unicorn-44682.exe
2192	Unicorn-64547.exe
2796	Unicorn-51309.exe
2928	Unicorn-62170.exe
2068	Unicorn-55393.exe
1868	Unicorn-59477.exe
1452	Unicorn-12969.exe
1936	Unicorn-8413.exe
1220	Unicorn-8968.exe
532	Unicorn-11127.exe
2052	Unicorn-45938.exe
576	Unicorn-7043.exe
2652	Unicorn-34240.exe
1708	Unicorn-54106.exe
2424	Unicorn-64967.exe
1628	Unicorn-48460.exe
1224	Unicorn-10120.exe
1956	Unicorn-4111.exe
2272	Unicorn-7126.exe
1048	Unicorn-30239.exe
1464	Unicorn-62357.exe
2980	Unicorn-55813.exe
2168	Unicorn-22394.exe
1844	Unicorn-15849.exe
2220	Unicorn-904.exe
2904	Unicorn-13156.exe
2008	Unicorn-13156.exe
1536	Unicorn-24017.exe
2392	Unicorn-22669.exe
2680	Unicorn-33529.exe
3024	Unicorn-49311.exe
2640	Unicorn-26753.exe
2504	Unicorn-37613.exe
2728	Unicorn-8833.exe
1888	Unicorn-2056.exe
1752	Unicorn-10224.exe
2128	Unicorn-10779.exe
2204	Unicorn-12170.exe
1016	Unicorn-12170.exe
2532	Unicorn-23031.exe
1364	Unicorn-42897.exe
884	Unicorn-35283.exe
1944	Unicorn-20339.exe
2172	Unicorn-31199.exe
1900	Unicorn-51065.exe
764	Unicorn-16255.exe
480	Unicorn-63317.exe
1424	Unicorn-63748.exe
1624	Unicorn-53442.exe
1316	Unicorn-64303.exe
2288	Unicorn-28746.exe
2132	Unicorn-55388.exe
872	Unicorn-35522.exe
2752	Unicorn-63556.exe
1616	Unicorn-10271.exe
2596	Unicorn-33384.exe
2604	Unicorn-53250.exe
2468	Unicorn-49166.exe
2388	Unicorn-29300.exe
2460	Unicorn-60027.exe

Loads dropped DLL 64 IoCs

pid	Process
2844	68d35e586e7f38cd9a043c14a36cc8c0_NeikiAnalytics.exe
2844	68d35e586e7f38cd9a043c14a36cc8c0_NeikiAnalytics.exe
2040	Unicorn-5006.exe
2040	Unicorn-5006.exe
2844	68d35e586e7f38cd9a043c14a36cc8c0_NeikiAnalytics.exe
2844	68d35e586e7f38cd9a043c14a36cc8c0_NeikiAnalytics.exe
2576	Unicorn-24118.exe
2576	Unicorn-24118.exe
2040	Unicorn-5006.exe
2040	Unicorn-5006.exe
2688	Unicorn-31732.exe
2688	Unicorn-31732.exe
2716	WerFault.exe
2716	WerFault.exe
2716	WerFault.exe
2716	WerFault.exe
2716	WerFault.exe
2608	Unicorn-52295.exe
2608	Unicorn-52295.exe
2576	Unicorn-24118.exe
2576	Unicorn-24118.exe
2192	Unicorn-64547.exe
2192	Unicorn-64547.exe
2484	Unicorn-44682.exe
2484	Unicorn-44682.exe
2688	Unicorn-31732.exe
2688	Unicorn-31732.exe
2312	WerFault.exe
2312	WerFault.exe
2312	WerFault.exe
2312	WerFault.exe
856	WerFault.exe
856	WerFault.exe
856	WerFault.exe
856	WerFault.exe
2312	WerFault.exe
856	WerFault.exe
2796	Unicorn-51309.exe
2796	Unicorn-51309.exe
2608	Unicorn-52295.exe
2608	Unicorn-52295.exe
2928	Unicorn-62170.exe
1452	Unicorn-12969.exe
1452	Unicorn-12969.exe
2928	Unicorn-62170.exe
2068	Unicorn-55393.exe
2068	Unicorn-55393.exe
2192	Unicorn-64547.exe
2192	Unicorn-64547.exe
1868	Unicorn-59477.exe
1868	Unicorn-59477.exe
2484	Unicorn-44682.exe
2484	Unicorn-44682.exe
3048	WerFault.exe
3048	WerFault.exe
3048	WerFault.exe
3048	WerFault.exe
3048	WerFault.exe
1184	WerFault.exe
1184	WerFault.exe
1184	WerFault.exe
1184	WerFault.exe
1184	WerFault.exe
2100	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2744	2844	WerFault.exe	27
2716	2040	WerFault.exe	28
2312	2576	WerFault.exe	30
856	2688	WerFault.exe	29
3048	2608	WerFault.exe	32
1184	2484	WerFault.exe	33
2100	2192	WerFault.exe	34
2612	2796	WerFault.exe	36
2712	2928	WerFault.exe	37
2736	1452	WerFault.exe	40
2472	2068	WerFault.exe	38
2944	1868	WerFault.exe	39
2224	2272	WerFault.exe	57
1732	1936	WerFault.exe	43
1712	1220	WerFault.exe	44
1932	2052	WerFault.exe	45
920	532	WerFault.exe	46
372	576	WerFault.exe	47
2032	2424	WerFault.exe	50
2012	1708	WerFault.exe	49
2848	1628	WerFault.exe	54
1540	1224	WerFault.exe	55
1892	1956	WerFault.exe	56
2384	1048	WerFault.exe	58
1456	1464	WerFault.exe	59
2456	2980	WerFault.exe	60
548	2008	WerFault.exe	65
2324	2168	WerFault.exe	61
2348	1844	WerFault.exe	62
2960	1536	WerFault.exe	66
2308	2904	WerFault.exe	64
3208	2392	WerFault.exe	68
3224	2680	WerFault.exe	69
3432	2504	WerFault.exe	75
3560	1752	WerFault.exe	80
3596	1888	WerFault.exe	79
3620	3024	WerFault.exe	71
3628	2172	WerFault.exe	88
3656	2532	WerFault.exe	84
3696	2728	WerFault.exe	78
3720	1016	WerFault.exe	83
3744	2128	WerFault.exe	81
3808	1944	WerFault.exe	87
3908	764	WerFault.exe	90
3996	2640	WerFault.exe	73
4056	2288	WerFault.exe	102
3148	872	WerFault.exe	103
3168	1364	WerFault.exe	85
3236	2132	WerFault.exe	104
3320	480	WerFault.exe	91
3328	2752	WerFault.exe	105
3368	2596	WerFault.exe	107
3468	2460	WerFault.exe	111
3512	1776	WerFault.exe	112
4044	2204	WerFault.exe	82
1368	2276	WerFault.exe	121
3084	2236	WerFault.exe	119
3116	1168	WerFault.exe	114
3176	2164	WerFault.exe	128
3280	1740	WerFault.exe	113
3200	1940	WerFault.exe	118
3496	1916	WerFault.exe	127
3728	1900	WerFault.exe	89
3860	1784	WerFault.exe	125

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2844	68d35e586e7f38cd9a043c14a36cc8c0_NeikiAnalytics.exe
2040	Unicorn-5006.exe
2688	Unicorn-31732.exe
2576	Unicorn-24118.exe
2608	Unicorn-52295.exe
2484	Unicorn-44682.exe
2192	Unicorn-64547.exe
2796	Unicorn-51309.exe
2928	Unicorn-62170.exe
1452	Unicorn-12969.exe
2068	Unicorn-55393.exe
1868	Unicorn-59477.exe
1936	Unicorn-8413.exe
1220	Unicorn-8968.exe
532	Unicorn-11127.exe
2052	Unicorn-45938.exe
576	Unicorn-7043.exe
2652	Unicorn-34240.exe
1708	Unicorn-54106.exe
2424	Unicorn-64967.exe
1628	Unicorn-48460.exe
1224	Unicorn-10120.exe
1956	Unicorn-4111.exe
2272	Unicorn-7126.exe
1048	Unicorn-30239.exe
1464	Unicorn-62357.exe
2980	Unicorn-55813.exe
2168	Unicorn-22394.exe
1844	Unicorn-15849.exe
2220	Unicorn-904.exe
2904	Unicorn-13156.exe
1536	Unicorn-24017.exe
2008	Unicorn-13156.exe
2392	Unicorn-22669.exe
2680	Unicorn-33529.exe
3024	Unicorn-49311.exe
2640	Unicorn-26753.exe
2504	Unicorn-37613.exe
2728	Unicorn-8833.exe
1888	Unicorn-2056.exe
1752	Unicorn-10224.exe
2128	Unicorn-10779.exe
2204	Unicorn-12170.exe
2532	Unicorn-23031.exe
1016	Unicorn-12170.exe
1364	Unicorn-42897.exe
884	Unicorn-35283.exe
2172	Unicorn-31199.exe
1944	Unicorn-20339.exe
1900	Unicorn-51065.exe
764	Unicorn-16255.exe
480	Unicorn-63317.exe
1424	Unicorn-63748.exe
1316	Unicorn-64303.exe
1624	Unicorn-53442.exe
2288	Unicorn-28746.exe
2132	Unicorn-55388.exe
872	Unicorn-35522.exe
2752	Unicorn-63556.exe
1616	Unicorn-10271.exe
2596	Unicorn-33384.exe
2604	Unicorn-53250.exe
2468	Unicorn-49166.exe
2388	Unicorn-29300.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2040	2844	68d35e586e7f38cd9a043c14a36cc8c0_NeikiAnalytics.exe	28
PID 2844 wrote to memory of 2040	2844	68d35e586e7f38cd9a043c14a36cc8c0_NeikiAnalytics.exe	28
PID 2844 wrote to memory of 2040	2844	68d35e586e7f38cd9a043c14a36cc8c0_NeikiAnalytics.exe	28
PID 2844 wrote to memory of 2040	2844	68d35e586e7f38cd9a043c14a36cc8c0_NeikiAnalytics.exe	28
PID 2040 wrote to memory of 2688	2040	Unicorn-5006.exe	29
PID 2040 wrote to memory of 2688	2040	Unicorn-5006.exe	29
PID 2040 wrote to memory of 2688	2040	Unicorn-5006.exe	29
PID 2040 wrote to memory of 2688	2040	Unicorn-5006.exe	29
PID 2844 wrote to memory of 2576	2844	68d35e586e7f38cd9a043c14a36cc8c0_NeikiAnalytics.exe	30
PID 2844 wrote to memory of 2576	2844	68d35e586e7f38cd9a043c14a36cc8c0_NeikiAnalytics.exe	30
PID 2844 wrote to memory of 2576	2844	68d35e586e7f38cd9a043c14a36cc8c0_NeikiAnalytics.exe	30
PID 2844 wrote to memory of 2576	2844	68d35e586e7f38cd9a043c14a36cc8c0_NeikiAnalytics.exe	30
PID 2844 wrote to memory of 2744	2844	68d35e586e7f38cd9a043c14a36cc8c0_NeikiAnalytics.exe	31
PID 2844 wrote to memory of 2744	2844	68d35e586e7f38cd9a043c14a36cc8c0_NeikiAnalytics.exe	31
PID 2844 wrote to memory of 2744	2844	68d35e586e7f38cd9a043c14a36cc8c0_NeikiAnalytics.exe	31
PID 2844 wrote to memory of 2744	2844	68d35e586e7f38cd9a043c14a36cc8c0_NeikiAnalytics.exe	31
PID 2576 wrote to memory of 2608	2576	Unicorn-24118.exe	32
PID 2576 wrote to memory of 2608	2576	Unicorn-24118.exe	32
PID 2576 wrote to memory of 2608	2576	Unicorn-24118.exe	32
PID 2576 wrote to memory of 2608	2576	Unicorn-24118.exe	32
PID 2040 wrote to memory of 2484	2040	Unicorn-5006.exe	33
PID 2040 wrote to memory of 2484	2040	Unicorn-5006.exe	33
PID 2040 wrote to memory of 2484	2040	Unicorn-5006.exe	33
PID 2040 wrote to memory of 2484	2040	Unicorn-5006.exe	33
PID 2688 wrote to memory of 2192	2688	Unicorn-31732.exe	34
PID 2688 wrote to memory of 2192	2688	Unicorn-31732.exe	34
PID 2688 wrote to memory of 2192	2688	Unicorn-31732.exe	34
PID 2688 wrote to memory of 2192	2688	Unicorn-31732.exe	34
PID 2040 wrote to memory of 2716	2040	Unicorn-5006.exe	35
PID 2040 wrote to memory of 2716	2040	Unicorn-5006.exe	35
PID 2040 wrote to memory of 2716	2040	Unicorn-5006.exe	35
PID 2040 wrote to memory of 2716	2040	Unicorn-5006.exe	35
PID 2608 wrote to memory of 2796	2608	Unicorn-52295.exe	36
PID 2608 wrote to memory of 2796	2608	Unicorn-52295.exe	36
PID 2608 wrote to memory of 2796	2608	Unicorn-52295.exe	36
PID 2608 wrote to memory of 2796	2608	Unicorn-52295.exe	36
PID 2576 wrote to memory of 2928	2576	Unicorn-24118.exe	37
PID 2576 wrote to memory of 2928	2576	Unicorn-24118.exe	37
PID 2576 wrote to memory of 2928	2576	Unicorn-24118.exe	37
PID 2576 wrote to memory of 2928	2576	Unicorn-24118.exe	37
PID 2192 wrote to memory of 2068	2192	Unicorn-64547.exe	38
PID 2192 wrote to memory of 2068	2192	Unicorn-64547.exe	38
PID 2192 wrote to memory of 2068	2192	Unicorn-64547.exe	38
PID 2192 wrote to memory of 2068	2192	Unicorn-64547.exe	38
PID 2484 wrote to memory of 1868	2484	Unicorn-44682.exe	39
PID 2484 wrote to memory of 1868	2484	Unicorn-44682.exe	39
PID 2484 wrote to memory of 1868	2484	Unicorn-44682.exe	39
PID 2484 wrote to memory of 1868	2484	Unicorn-44682.exe	39
PID 2688 wrote to memory of 1452	2688	Unicorn-31732.exe	40
PID 2688 wrote to memory of 1452	2688	Unicorn-31732.exe	40
PID 2688 wrote to memory of 1452	2688	Unicorn-31732.exe	40
PID 2688 wrote to memory of 1452	2688	Unicorn-31732.exe	40
PID 2576 wrote to memory of 2312	2576	Unicorn-24118.exe	41
PID 2576 wrote to memory of 2312	2576	Unicorn-24118.exe	41
PID 2576 wrote to memory of 2312	2576	Unicorn-24118.exe	41
PID 2576 wrote to memory of 2312	2576	Unicorn-24118.exe	41
PID 2688 wrote to memory of 856	2688	Unicorn-31732.exe	42
PID 2688 wrote to memory of 856	2688	Unicorn-31732.exe	42
PID 2688 wrote to memory of 856	2688	Unicorn-31732.exe	42
PID 2688 wrote to memory of 856	2688	Unicorn-31732.exe	42
PID 2796 wrote to memory of 1936	2796	Unicorn-51309.exe	43
PID 2796 wrote to memory of 1936	2796	Unicorn-51309.exe	43
PID 2796 wrote to memory of 1936	2796	Unicorn-51309.exe	43
PID 2796 wrote to memory of 1936	2796	Unicorn-51309.exe	43

C:\Users\Admin\AppData\Local\Temp\68d35e586e7f38cd9a043c14a36cc8c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\68d35e586e7f38cd9a043c14a36cc8c0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5006.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5006.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31732.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31732.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64547.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55393.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7043.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22394.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20339.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47604.exe
        9⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56431.exe
        10⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26748.exe
        11⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17122.exe
        12⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        13⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21528.exe
        14⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 212
        15⤵
        
        PID:916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 216
        14⤵
        
        PID:10952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 216
        13⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
        12⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 216
        11⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 236
        10⤵
        Program crash
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48818.exe
        9⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57474.exe
        10⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55824.exe
        11⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        12⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47786.exe
        13⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59509.exe
        14⤵
        
        PID:4612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10004 -s 220
        14⤵
        
        PID:12476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 216
        13⤵
        
        PID:10668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
        12⤵
        
        PID:8316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 236
        11⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 216
        10⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
        9⤵
        Program crash
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39990.exe
        8⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9368.exe
        9⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46182.exe
        10⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28990.exe
        11⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30739.exe
        12⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57303.exe
        13⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65264.exe
        14⤵
        
        PID:12040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9592 -s 236
        14⤵
        
        PID:11576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6156 -s 236
        13⤵
        
        PID:10296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 236
        12⤵
        
        PID:1988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 236
        11⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 236
        10⤵
        
        PID:2740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 236
        9⤵
        Program crash
        
        PID:3176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 240
        8⤵
        Program crash
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31199.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12793.exe
        8⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17537.exe
        9⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57941.exe
        10⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16904.exe
        11⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60474.exe
        12⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33687.exe
        13⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44411.exe
        14⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8620 -s 216
        13⤵
        
        PID:11760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 216
        12⤵
        
        PID:10104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
        11⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 216
        10⤵
        
        PID:5972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 216
        9⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 236
        8⤵
        Program crash
        
        PID:3628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 240
        7⤵
        Program crash
        
        PID:372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15849.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51065.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61994.exe
        8⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17537.exe
        9⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51252.exe
        10⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23344.exe
        11⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54532.exe
        12⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37911.exe
        13⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19484.exe
        14⤵
        
        PID:12056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54717.exe
        15⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10064 -s 220
        14⤵
        
        PID:13092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7316 -s 236
        13⤵
        
        PID:10872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
        12⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 216
        11⤵
        
        PID:6428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 236
        10⤵
        
        PID:5684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
        9⤵
        Program crash
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36565.exe
        8⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27516.exe
        9⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45902.exe
        10⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60863.exe
        11⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28134.exe
        12⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37527.exe
        13⤵
        
        PID:12248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9800 -s 216
        13⤵
        
        PID:12840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 220
        12⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 216
        11⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 216
        10⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 236
        9⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 240
        8⤵
        Program crash
        
        PID:3728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 236
        7⤵
        Program crash
        
        PID:2348
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 240
        6⤵
        Program crash
        
        PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13156.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63317.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20962.exe
        8⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1008.exe
        9⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49690.exe
        10⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
        11⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53162.exe
        12⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13873.exe
        13⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45031.exe
        14⤵
        
        PID:12588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10324 -s 216
        14⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7988 -s 216
        13⤵
        
        PID:11376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
        12⤵
        
        PID:9204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
        11⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 236
        10⤵
        
        PID:5244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 236
        9⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
        8⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59996.exe
        9⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51439.exe
        10⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exe
        11⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17828.exe
        12⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51917.exe
        13⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47535.exe
        14⤵
        
        PID:7412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9856 -s 216
        13⤵
        
        PID:12796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 216
        12⤵
        
        PID:11152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 216
        11⤵
        
        PID:9048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
        10⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 216
        9⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 480 -s 220
        8⤵
        Program crash
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62549.exe
        7⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
        8⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8849.exe
        9⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18876.exe
        10⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28601.exe
        11⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
        12⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47366.exe
        13⤵
        
        PID:12116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9704 -s 216
        13⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 216
        12⤵
        
        PID:10408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 236
        11⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
        10⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 236
        9⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 236
        8⤵
        
        PID:3892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
        7⤵
        Program crash
        
        PID:2308
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12969.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11127.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62357.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10224.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53250.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37573.exe
        9⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59036.exe
        10⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33868.exe
        11⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26031.exe
        12⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33780.exe
        13⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49395.exe
        14⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42081.exe
        15⤵
        
        PID:7896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9600 -s 216
        14⤵
        
        PID:12824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7668 -s 216
        13⤵
        
        PID:10988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        12⤵
        
        PID:8824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 236
        11⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 236
        10⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28864.exe
        9⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13831.exe
        10⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        11⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36904.exe
        12⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26261.exe
        13⤵
        
        PID:11308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9936 -s 216
        13⤵
        
        PID:12356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6400 -s 216
        12⤵
        
        PID:10660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
        11⤵
        
        PID:8332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
        10⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
        9⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44350.exe
        8⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44454.exe
        9⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18492.exe
        10⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
        11⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
        12⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41419.exe
        13⤵
        
        PID:11976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9220 -s 216
        13⤵
        
        PID:12700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 216
        12⤵
        
        PID:10860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 236
        11⤵
        
        PID:8508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 236
        10⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 236
        9⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
        8⤵
        Program crash
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29300.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64215.exe
        8⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7697.exe
        9⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52726.exe
        10⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31315.exe
        11⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43510.exe
        12⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48819.exe
        13⤵
        
        PID:12260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10136 -s 216
        13⤵
        
        PID:12348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7260 -s 220
        12⤵
        
        PID:10772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
        11⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
        10⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 236
        9⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20504.exe
        8⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6239.exe
        9⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37537.exe
        10⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27174.exe
        11⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61455.exe
        12⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40519.exe
        13⤵
        
        PID:13168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10092 -s 216
        12⤵
        
        PID:12552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7188 -s 216
        11⤵
        
        PID:10756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 216
        10⤵
        
        PID:8400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
        9⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
        8⤵
        
        PID:4116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 240
        7⤵
        Program crash
        
        PID:1456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10779.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37490.exe
        7⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6846.exe
        8⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18833.exe
        9⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30443.exe
        10⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42088.exe
        11⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38487.exe
        12⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-817.exe
        13⤵
        
        PID:11488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10220 -s 236
        13⤵
        
        PID:13184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 216
        12⤵
        
        PID:10852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 216
        11⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 216
        10⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 236
        9⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 236
        8⤵
        Program crash
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34043.exe
        7⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22856.exe
        8⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10323.exe
        9⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22379.exe
        10⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63162.exe
        11⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59618.exe
        12⤵
        
        PID:12144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9744 -s 216
        12⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 216
        11⤵
        
        PID:10428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 236
        10⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
        9⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
        8⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
        7⤵
        Program crash
        
        PID:3744
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 240
        6⤵
        Program crash
        
        PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55813.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12170.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23100.exe
        7⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17105.exe
        8⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23754.exe
        9⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2067.exe
        10⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31367.exe
        11⤵
        
        PID:9540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18202.exe
        12⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18755.exe
        13⤵
        
        PID:12916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9540 -s 236
        12⤵
        
        PID:12256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 236
        11⤵
        
        PID:10268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 236
        10⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 236
        9⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 236
        8⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46680.exe
        7⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50266.exe
        8⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10515.exe
        9⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45404.exe
        10⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49431.exe
        11⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37527.exe
        12⤵
        
        PID:12076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10052 -s 216
        12⤵
        
        PID:12808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 236
        11⤵
        
        PID:11236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
        10⤵
        
        PID:8964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
        9⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 216
        8⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
        7⤵
        Program crash
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
        6⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52347.exe
        7⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42098.exe
        8⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-484.exe
        9⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39566.exe
        10⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11460.exe
        11⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23184.exe
        12⤵
        
        PID:11828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9588 -s 220
        12⤵
        
        PID:12984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8124 -s 220
        11⤵
        
        PID:10504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
        10⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
        9⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 216
        8⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 216
        7⤵
        Program crash
        
        PID:3200
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
        6⤵
        Program crash
        
        PID:2456
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 240
        5⤵
        Program crash
        
        PID:2736
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44682.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44682.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59477.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54106.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13156.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42897.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43520.exe
        8⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57801.exe
        9⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34916.exe
        10⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38720.exe
        11⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35591.exe
        12⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50370.exe
        13⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27268.exe
        14⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9388 -s 216
        14⤵
        
        PID:12992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 216
        13⤵
        
        PID:10468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
        12⤵
        
        PID:8392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 216
        11⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 216
        10⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 236
        9⤵
        Program crash
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46104.exe
        8⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51828.exe
        9⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26743.exe
        10⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        11⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21528.exe
        12⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6608.exe
        13⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9428 -s 216
        13⤵
        
        PID:12692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 216
        12⤵
        
        PID:10960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 216
        11⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
        10⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 216
        9⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 240
        8⤵
        Program crash
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19570.exe
        7⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13260.exe
        8⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26748.exe
        9⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41050.exe
        10⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21009.exe
        11⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25036.exe
        12⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56027.exe
        13⤵
        
        PID:11744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10200 -s 216
        13⤵
        
        PID:12856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 216
        12⤵
        
        PID:10792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
        11⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
        10⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 216
        9⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 236
        8⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
        7⤵
        Program crash
        
        PID:548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35283.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51688.exe
        7⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7230.exe
        8⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55720.exe
        9⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
        10⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1138.exe
        11⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61320.exe
        12⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35000.exe
        13⤵
        
        PID:12904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10448 -s 216
        13⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7344 -s 216
        12⤵
        
        PID:11400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
        11⤵
        
        PID:9224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 216
        10⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 216
        9⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 236
        8⤵
        Program crash
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30343.exe
        7⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51527.exe
        8⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4568.exe
        9⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18243.exe
        10⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31362.exe
        11⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62109.exe
        12⤵
        
        PID:13284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10828 -s 216
        12⤵
        
        PID:12980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8240 -s 236
        11⤵
        
        PID:11552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 216
        10⤵
        
        PID:9480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
        9⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 236
        8⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 240
        7⤵
        
        PID:4348
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
        6⤵
        Program crash
        
        PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24017.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16255.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27184.exe
        7⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62461.exe
        8⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
        9⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64054.exe
        10⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14677.exe
        11⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59737.exe
        12⤵
        
        PID:9964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9964 -s 224
        13⤵
        
        PID:12192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 216
        12⤵
        
        PID:11176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 216
        11⤵
        
        PID:8956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
        10⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 236
        9⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 236
        8⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50764.exe
        7⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
        8⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27044.exe
        9⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11662.exe
        10⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19774.exe
        11⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17647.exe
        12⤵
        
        PID:11540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9992 -s 216
        12⤵
        
        PID:12864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7840 -s 220
        11⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
        10⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
        9⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 236
        8⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 240
        7⤵
        Program crash
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
        6⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57801.exe
        7⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40753.exe
        8⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15341.exe
        9⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41808.exe
        10⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6577.exe
        11⤵
        
        PID:11472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17494.exe
        12⤵
        
        PID:12780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9184 -s 216
        11⤵
        
        PID:11692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6168 -s 236
        10⤵
        
        PID:9464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
        9⤵
        
        PID:7368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 216
        8⤵
        
        PID:5148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 236
        7⤵
        Program crash
        
        PID:3084
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
        6⤵
        Program crash
        
        PID:2960
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
        5⤵
        Program crash
        
        PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64967.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-904.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12170.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27184.exe
        7⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-432.exe
        8⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        9⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        10⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        11⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        12⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        13⤵
        
        PID:13252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10700 -s 216
        13⤵
        
        PID:12880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 216
        12⤵
        
        PID:11512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 216
        11⤵
        
        PID:9376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
        10⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 216
        9⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 236
        8⤵
        Program crash
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59124.exe
        7⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38616.exe
        8⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57770.exe
        9⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
        10⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21528.exe
        11⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56193.exe
        12⤵
        
        PID:12128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12128 -s 188
        13⤵
        
        PID:11956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9424 -s 220
        12⤵
        
        PID:12784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7732 -s 216
        11⤵
        
        PID:10944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
        10⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
        9⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 220
        7⤵
        Program crash
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
        6⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
        7⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21486.exe
        8⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45409.exe
        9⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48585.exe
        10⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
        11⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17486.exe
        12⤵
        
        PID:13124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10600 -s 216
        12⤵
        
        PID:12740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7884 -s 236
        11⤵
        
        PID:11460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 216
        10⤵
        
        PID:9296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 216
        9⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 216
        8⤵
        
        PID:5812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 216
        7⤵
        
        PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23031.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20962.exe
        6⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23567.exe
        7⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60380.exe
        8⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31019.exe
        9⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49929.exe
        10⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        11⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32294.exe
        12⤵
        
        PID:12540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 216
        11⤵
        
        PID:11628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
        10⤵
        
        PID:9664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
        9⤵
        
        PID:7376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 236
        8⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 216
        7⤵
        
        PID:4024
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
        6⤵
        Program crash
        
        PID:3656
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
        5⤵
        Program crash
        
        PID:2032
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1184
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2716
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52295.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52295.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51309.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48460.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22669.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63748.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7531.exe
        9⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42425.exe
        10⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4656.exe
        11⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40038.exe
        12⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
        13⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49436.exe
        13⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19956.exe
        14⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34105.exe
        15⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9308 -s 236
        14⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 220
        13⤵
        
        PID:9920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 236
        12⤵
        
        PID:8176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
        11⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 236
        10⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53286.exe
        9⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10878.exe
        10⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9420.exe
        11⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16536.exe
        12⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39997.exe
        13⤵
        
        PID:10804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4281.exe
        14⤵
        
        PID:12668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 236
        13⤵
        
        PID:11724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 216
        12⤵
        
        PID:9868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
        11⤵
        
        PID:7772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
        10⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 240
        9⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65455.exe
        8⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54677.exe
        9⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1304.exe
        10⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27786.exe
        11⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
        12⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
        13⤵
        
        PID:11736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2200.exe
        14⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8996 -s 216
        13⤵
        
        PID:11944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 216
        12⤵
        
        PID:10208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
        11⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
        10⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
        9⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
        8⤵
        Program crash
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64303.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32036.exe
        8⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56623.exe
        9⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52835.exe
        10⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
        11⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28845.exe
        12⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63510.exe
        13⤵
        
        PID:11948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9392 -s 236
        13⤵
        
        PID:12032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 216
        12⤵
        
        PID:10216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
        11⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
        10⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 236
        9⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26451.exe
        8⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38445.exe
        9⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20194.exe
        10⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22815.exe
        11⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42322.exe
        12⤵
        
        PID:11920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9352 -s 216
        12⤵
        
        PID:11992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 216
        11⤵
        
        PID:10144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 236
        10⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
        9⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 240
        8⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
        7⤵
        Program crash
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33529.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53442.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36120.exe
        8⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        9⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44283.exe
        10⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11257.exe
        11⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62311.exe
        12⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
        13⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8476 -s 216
        13⤵
        
        PID:12276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 216
        12⤵
        
        PID:10012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 216
        11⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
        10⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 236
        9⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12253.exe
        8⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64703.exe
        9⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52098.exe
        10⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15633.exe
        11⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1673.exe
        12⤵
        
        PID:11848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9248 -s 236
        12⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 216
        11⤵
        
        PID:9408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 236
        10⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
        9⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
        8⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46981.exe
        7⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15590.exe
        8⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32223.exe
        9⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48782.exe
        10⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43043.exe
        11⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4003.exe
        12⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9452 -s 236
        12⤵
        
        PID:12096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 236
        11⤵
        
        PID:9560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
        10⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 236
        9⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
        8⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
        7⤵
        Program crash
        
        PID:3224
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
        6⤵
        Program crash
        
        PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10120.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49311.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28746.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38066.exe
        8⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14687.exe
        9⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18684.exe
        10⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62316.exe
        11⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59737.exe
        12⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43557.exe
        13⤵
        
        PID:12280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9948 -s 236
        13⤵
        
        PID:12816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 220
        12⤵
        
        PID:11168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
        11⤵
        
        PID:9028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 236
        10⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 216
        9⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 236
        8⤵
        Program crash
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44843.exe
        7⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2051.exe
        8⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46696.exe
        9⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20433.exe
        10⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38658.exe
        11⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65155.exe
        12⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9836 -s 216
        12⤵
        
        PID:12388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 216
        11⤵
        
        PID:10532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
        10⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
        9⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 236
        8⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
        7⤵
        Program crash
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57417.exe
        7⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38808.exe
        8⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60894.exe
        9⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49213.exe
        10⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49924.exe
        11⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28783.exe
        12⤵
        
        PID:11688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9972 -s 216
        12⤵
        
        PID:12488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7000 -s 216
        11⤵
        
        PID:10684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 216
        10⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
        9⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 236
        7⤵
        Program crash
        
        PID:3148
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 240
        6⤵
        Program crash
        
        PID:1540
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
        5⤵
        Program crash
        
        PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8968.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4111.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26753.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10271.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30775.exe
        8⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64874.exe
        9⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55440.exe
        10⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16925.exe
        11⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51678.exe
        12⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10692.exe
        13⤵
        
        PID:11916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10164 -s 216
        13⤵
        
        PID:12680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 220
        12⤵
        
        PID:10780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 216
        11⤵
        
        PID:8576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
        10⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 236
        9⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30618.exe
        8⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44750.exe
        9⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45321.exe
        10⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18622.exe
        11⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48819.exe
        12⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9888 -s 216
        12⤵
        
        PID:12372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
        11⤵
        
        PID:10588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
        10⤵
        
        PID:8288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
        9⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
        8⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41334.exe
        7⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41714.exe
        8⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25290.exe
        9⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59135.exe
        10⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45456.exe
        11⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18586.exe
        12⤵
        
        PID:12200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9804 -s 216
        12⤵
        
        PID:11480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 236
        11⤵
        
        PID:10488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 216
        10⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
        9⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 216
        8⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
        7⤵
        Program crash
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33384.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60131.exe
        7⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48922.exe
        8⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46457.exe
        9⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58040.exe
        10⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42187.exe
        11⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24938.exe
        12⤵
        
        PID:12020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9656 -s 220
        12⤵
        
        PID:13080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 220
        11⤵
        
        PID:10580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
        10⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 236
        9⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 236
        8⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 236
        7⤵
        Program crash
        
        PID:3368
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 240
        6⤵
        Program crash
        
        PID:1892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37613.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63556.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21237.exe
        7⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20334.exe
        8⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15778.exe
        9⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48829.exe
        10⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1709.exe
        11⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10417.exe
        12⤵
        
        PID:12172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9776 -s 216
        12⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 216
        11⤵
        
        PID:10436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 216
        10⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
        9⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
        8⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 236
        7⤵
        Program crash
        
        PID:3328
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 236
        6⤵
        Program crash
        
        PID:3432
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 240
        5⤵
        Program crash
        
        PID:1712
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:3048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62170.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62170.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45938.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7126.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
        6⤵
        Program crash
        
        PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8833.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55388.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17454.exe
        7⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26748.exe
        8⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8569.exe
        9⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        10⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29696.exe
        11⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58933.exe
        12⤵
        
        PID:12124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9528 -s 220
        12⤵
        
        PID:13108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 216
        11⤵
        
        PID:10972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 216
        10⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 236
        9⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 236
        8⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 236
        7⤵
        Program crash
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41334.exe
        6⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36670.exe
        7⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55440.exe
        8⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35399.exe
        9⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40002.exe
        10⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
        11⤵
        
        PID:11704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9368 -s 216
        11⤵
        
        PID:12496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 216
        10⤵
        
        PID:10936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 216
        9⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
        8⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 216
        7⤵
        
        PID:5008
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
        6⤵
        Program crash
        
        PID:3696
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
        5⤵
        Program crash
        
        PID:1932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30239.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2056.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49166.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51963.exe
        7⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65066.exe
        8⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30168.exe
        9⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34823.exe
        10⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53048.exe
        11⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
        12⤵
        
        PID:12084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9676 -s 236
        12⤵
        
        PID:940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 216
        10⤵
        
        PID:7960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
        9⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 236
        8⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8252.exe
        7⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4931.exe
        8⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3961.exe
        9⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54714.exe
        10⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
        11⤵
        
        PID:12652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10364 -s 216
        11⤵
        
        PID:7552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 216
        10⤵
        
        PID:11392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 216
        9⤵
        
        PID:9144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
        8⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
        7⤵
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40265.exe
        6⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42316.exe
        7⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28606.exe
        8⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63987.exe
        9⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49732.exe
        10⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22561.exe
        11⤵
        
        PID:11780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10076 -s 216
        11⤵
        
        PID:12504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 216
        10⤵
        
        PID:10748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
        9⤵
        
        PID:8480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 236
        8⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 236
        7⤵
        
        PID:4340
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 240
        6⤵
        Program crash
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60027.exe
        5⤵
        Executes dropped EXE
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10930.exe
        6⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18388.exe
        7⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54864.exe
        8⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18487.exe
        9⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37480.exe
        10⤵
        
        PID:10044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10044 -s 220
        11⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 216
        10⤵
        
        PID:10740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 216
        9⤵
        
        PID:8368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 236
        8⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 236
        7⤵
        
        PID:4724
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 236
        6⤵
        Program crash
        
        PID:3468
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 240
        5⤵
        Program crash
        
        PID:2384
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
      4⤵
      Program crash
      PID:2712
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2312
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
  2⤵
  - Program crash
  PID:2744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11662.exe

Filesize
184KB

MD5
a674a82e5173580b317c1ddd42bc029e

SHA1
cf0af4b154e62ed0ad2dff3a04bf19f507b96c32

SHA256
53c84f6c193ebcb28981c12177a0663bb8ffe9435a059f1add752f65574924b2

SHA512
003a9152df4de2ac4470d7f5a1b64e7493cfa0ed74aec0886a06c06f77999ddb3bc8f30e4514ae2f3ce4f79940eac5fabc3912a5004419045a750f1af10b22e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe

Filesize
184KB

MD5
8125bdd952529eb2cc6adf3d577bda18

SHA1
63cc02a890111610d9920bb40557d5896c85c36b

SHA256
3f285ffc427a902b66ce900f132952e2a52616e01d4b3f1edc35122800692794

SHA512
4a27e40346b86d5114a59fd1327edec09925c9e20693e9565e09ab88d79f511e03b2e9570315c88959af8093dc7aec98e7c1a5e3cf5fb51adc00a1576c1e9c76

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39990.exe

Filesize
184KB

MD5
cff8225f0574e7fb15f32e5e38680b53

SHA1
5dddf5b26075856e1622c73e5fed943d1f35fbe9

SHA256
13aef7e8abc965538afb79021b6b239a4c5f70d17409741474b3f872273ec3c1

SHA512
af2b473b6c9c9ed218c08f90b64837a44877c3ce159cd7a305f8216e9901d7b46d4600d12989df03d190462dae84abe40151486b5b94701db1ed3589c2640c4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40753.exe

Filesize
184KB

MD5
b4114ba68ae88771ea79565df2de131c

SHA1
038d5daf1b735d686994b05d8eb37589addbf5e1

SHA256
b2cfd047917a63bd1317990b5bcfb411e76c029d39ceb94a2df931c712849a90

SHA512
48382e9a1da1624b0dbdd783cec869317d211f0756c35dc539713684555ee917f9709a331e8111951dfe2e0f4384097ed4b35efb2691273533c67027850d7439

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42316.exe

Filesize
184KB

MD5
4830c618e3d23024913541617f005084

SHA1
c487ae2ca4c01466a97c74c060c43af26691af70

SHA256
ad742faf18c3eb6f3a03cfbc258052f81834c7a2cf47426fde0af4a795ab5dba

SHA512
7ad5d9f0099d4fa438a52a1cf454ca4cf3cd39f96b653896191e62fdbf564929fb31c9284f83f2ace5a4af966340c812fe3886282d12292054c411d436373252

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55393.exe

Filesize
184KB

MD5
67e31b0a1cd2ca0813c32aac20de654e

SHA1
29feb21067ed67a529c7b90ab7c5007ce63638b3

SHA256
45882848d1cb0c02a63935ec629cde702261549a00df2ce98fffeff563de2d41

SHA512
5519f559e215433b03c6287f311bf5ed2ed3fdf95a554629b7eeea5e482c1fcb979dfd40384c55368a3ee30908a308feeed3d2496de47f1bdd8b4bc92b61718c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59135.exe

Filesize
184KB

MD5
b35398afe6e790e0ba3f118a9e744bc3

SHA1
128c303a1a5e5bf621ff26d31a5ac3c565d1831e

SHA256
ceb0f299dca21c06b0ef923a6ac1fd8f8c320a47b732211c87983986823d6918

SHA512
be652522cd62f1e00bff3058aa6ae8a57f9d24e853194faa1c6b6f6db60cff72e2d02907ef41af59066584618e380757b5e3b750c58cb8e51eb5258f43204f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62170.exe

Filesize
184KB

MD5
e15a9b5c2e38b2b8d6226eb90920abb6

SHA1
ac01a4d1fa74fbb94adb98ab20e2caee66052b90

SHA256
4d08314dce72479d0f3aeaaa4bb3834994acad7aa8798e831c0c15f505902d1f

SHA512
d22b526da5eae87d18b99f7e780f22339e05f487fedb2ed285273e9adeead2eb335c4adf9e38dd2dcad036305fb48979c501ccf6a31fd17a722f250eebf9b268

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12969.exe

Filesize
184KB

MD5
5e3cc318ad0316f337d9630df29386fa

SHA1
cd4c6cbd83cf5e2d8417de3a3f4af974076f99c3

SHA256
5d1073e773eccbe80c7b3a4a2f4cd9dc134d7716c82f6727f620e59374be36b6

SHA512
5124e2c5ccf8990b2900e96cbce79555f11080fce9236e006e05c22a42b8b3eeca2b946b51f4bb133439f51d0e36e41c8a475e3146c3515a962180ad6da341c2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31732.exe

Filesize
184KB

MD5
e8a6d8d0c5e3a54ece653c935ef7d58e

SHA1
5dc16ee3e76d8f845bede30e443f2814c5045191

SHA256
b22ad913319295afb1d0eadfbc842ef374b00a5a26d133dc0a24821076f95ecc

SHA512
9f5198425eeb1aaa1809e761ef831e4f19288d887a56ca504e987dfcef5ffc00afdfcc7a8889f6850a346449f99922b2023bdaa5da186dcdbd446c6cf41fe387

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44682.exe

Filesize
184KB

MD5
c58937c9ac0846b7e1af906f19a18651

SHA1
ebf2f4456e7ddfa2242f17957474352459746992

SHA256
207b25c981c4d64d40921c9ea3f4a387a89ff7015515158fbc615b2e2c6a5769

SHA512
ae1fe97773d84944175762a2770f78fe5739a4660ee805ddb76f9bca5abdfa6df5f28568cfc23df00b4f80dbfa7efa726e72a674abde567ee7e6e4cb20406953

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45938.exe

Filesize
184KB

MD5
f52bed4c0b98b13a2b149ea1adb50953

SHA1
d43fda3227736129b9287cfb3d7da513ebbfc6ff

SHA256
e57bd0a1449f3d13c60ea2f6709b540dc9f72a580ef93197f574880e10c2d79c

SHA512
5a38a1c8faaadef3554a3abfcceaf6063a57a54c8ee4d6a7b33b9a82cf056405c01696d58e2d8816b3fef4e77400ff86bb2d512d036f1269679117215140f440

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5006.exe

Filesize
184KB

MD5
c6e0d7f037576a1880f113cb07f4d1ba

SHA1
a91110295c3b2153dbf2e627197c17d0e37fac02

SHA256
43eb6e31ea944ffef3166344fa26d5bd439ccc9bbbf82978b1faf6a16fd657aa

SHA512
404f6034b85e788903d39a7aaff7df2714c3bee84993c4fb92d741f85ae249a99fdada14dfd7896a605bd73008af173f0bbfec223ab3460c901d151f635b0464

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51309.exe

Filesize
184KB

MD5
dcdbd7fd027a366dc48c5aa51112c641

SHA1
3ce4147fcf777a3bb20693a1153b07cc46e62bc3

SHA256
c6be215e8fff5f94ec68326c70fe6c09dbfe6e910940a970ffc0d9a960c9ce8f

SHA512
a3546d1fbb1e98e16ea0414cb478fc330d924679cb57ab66de30abc44dba4c94eff4121e88aa65e713a2d626fdc5c27b3f56ab4b72e3382a94c85dfb5d335e6e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52295.exe

Filesize
184KB

MD5
0ed2dd0b5e22da6ea32528a5271f8264

SHA1
ed6992f4fa911fb90dcc63102783192a0ee17999

SHA256
3d5e3201fe2e42c369755bbe25b3ec5d11231640b0c25792fa16d3f111b0542c

SHA512
6fefdce561495a99e61c0ba9d3a2e2bff9f7b6407627d6ee89df0a06ba73792b4a89b2e00ffc913eaaa076b89fa8e2ba8786b0931af6639a66b6489b2f812212

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59477.exe

Filesize
184KB

MD5
a71d77a2e1986e107e2dc649b5ff5374

SHA1
fad2a8f85da8e1acca986ee0c4eed4a652ea52e6

SHA256
e7f8440a5b4735eda9f8b678c85c28ee40e9f40ac1523cdb3bf2f2c63a957690

SHA512
965711b92775e76f515645c53b8150d318d19525dbba8d5adc11b0bf78af9caf6f5cef66da979b73b1fd1c5c2c62cb68a68579549532dadb03a2d8f80f3e5509

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64547.exe

Filesize
184KB

MD5
a9ca59e9b2c560e67a1619b4482e361f

SHA1
5902ef89b1a0e17837921abd48a47d187a7a7cb7

SHA256
3ae392e87f747ea64f53dac9f7de3ab0a3b60ad6c4ecbbf850af2baa9c088f4e

SHA512
45b150bd209fcb81cc3b4a07206716c96ac6b5f9e6665a45d3daf658649c55adde3909408e276f21dedf2f41347becada79a2f7335c4c5242293a5f58d4e0236

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe

Filesize
184KB

MD5
61797f8168d8f1d146620b94f8e47bf3

SHA1
b9bdca23df3eca39a732cd9e76dca82bb0d75f21

SHA256
32b0c540b895f7c230a43652475faeb1b988d1391c31209878e0c95924cbe4b3

SHA512
77fca01e2583394464f0bdf7877f0d269ffe0ac5fb5cd31db523326fda353b39952e6683ae336964d60dd0961fb336f1e8fca89783dc9ef32f570df11d439e0e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8968.exe

Filesize
184KB

MD5
71743598f493e729e96ec22749c142ac

SHA1
e458a4511e0b596acfd191e9bfd94b31c60f77ce

SHA256
a554ab27a11b074ff59721454ad878fddb67d19001f017d58811af017a409451

SHA512
9c5acd3bf430807aa4b4ec21927818c7bcc8d886d2960b34f6a03b92cd863e3612f1b8c3a63b665c3bbf8d17536d2b6c148c6d081b859fc3e5436207ae0fcf90

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads