7d180b897b47b85b30d8afb9e399c1c6bbffce66a58999b537439351d29e5bcc

Analysis

max time kernel
150s
max time network
117s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
11-06-2024 07:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ce06e00b8c1421ca524dba78c017d70_NeikiAnalytics.exe
Size

184KB
MD5

2ce06e00b8c1421ca524dba78c017d70
SHA1

e3984fc39b99c5b8966ac089fd5c5c3aa999584f
SHA256

7d180b897b47b85b30d8afb9e399c1c6bbffce66a58999b537439351d29e5bcc
SHA512

83cde5ff46711b7b1ce65cbbb2827b73211ce5a9316eed21eec6ccd4ebd82c14859c1930ddab1a12b5af4fcc42dffa3cae33dcdadeb116502b2bfa492d4efad9
SSDEEP

3072:HlFBQtoTFJOGdHtWe6i2RzsCMlnViF7n3:HlWo+SHtv2NsCMlnViF7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3048	Unicorn-9118.exe
2172	Unicorn-28958.exe
2716	Unicorn-31375.exe
2772	Unicorn-46576.exe
2544	Unicorn-54744.exe
2576	Unicorn-10566.exe
2852	Unicorn-49586.exe
2792	Unicorn-9622.exe
2916	Unicorn-38957.exe
1940	Unicorn-14261.exe
1924	Unicorn-34127.exe
1236	Unicorn-65377.exe
2004	Unicorn-21199.exe
1332	Unicorn-55105.exe
2960	Unicorn-18711.exe
1160	Unicorn-19780.exe
672	Unicorn-39646.exe
964	Unicorn-14072.exe
2392	Unicorn-28136.exe
1980	Unicorn-11799.exe
1660	Unicorn-34694.exe
1348	Unicorn-9998.exe
2280	Unicorn-54752.exe
900	Unicorn-43054.exe
1312	Unicorn-5551.exe
2976	Unicorn-46776.exe
2256	Unicorn-22080.exe
2980	Unicorn-30248.exe
1632	Unicorn-10382.exe
1752	Unicorn-51415.exe
2812	Unicorn-24322.exe
2632	Unicorn-28960.exe
2656	Unicorn-40658.exe
2648	Unicorn-4648.exe
2596	Unicorn-32682.exe
2524	Unicorn-32682.exe
2692	Unicorn-4840.exe
1928	Unicorn-8369.exe
2176	Unicorn-58447.exe
1796	Unicorn-22245.exe
1240	Unicorn-50471.exe
1124	Unicorn-4757.exe
2164	Unicorn-24623.exe
3028	Unicorn-12925.exe
2496	Unicorn-16455.exe
1520	Unicorn-57295.exe
2560	Unicorn-65463.exe
1392	Unicorn-21093.exe
1100	Unicorn-44353.exe
2296	Unicorn-48992.exe
1060	Unicorn-60305.exe
2028	Unicorn-24103.exe
2236	Unicorn-2936.exe
2040	Unicorn-52329.exe
992	Unicorn-27633.exe
2096	Unicorn-3128.exe
3008	Unicorn-28702.exe
2192	Unicorn-59765.exe
2664	Unicorn-35260.exe
2920	Unicorn-38598.exe
2536	Unicorn-29361.exe
2516	Unicorn-29361.exe
3064	Unicorn-59957.exe
2832	Unicorn-55318.exe

Loads dropped DLL 64 IoCs

pid	Process
2984	2ce06e00b8c1421ca524dba78c017d70_NeikiAnalytics.exe
2984	2ce06e00b8c1421ca524dba78c017d70_NeikiAnalytics.exe
3048	Unicorn-9118.exe
3048	Unicorn-9118.exe
2984	2ce06e00b8c1421ca524dba78c017d70_NeikiAnalytics.exe
2984	2ce06e00b8c1421ca524dba78c017d70_NeikiAnalytics.exe
2716	Unicorn-31375.exe
2716	Unicorn-31375.exe
2172	Unicorn-28958.exe
2172	Unicorn-28958.exe
3048	Unicorn-9118.exe
3048	Unicorn-9118.exe
2584	WerFault.exe
2584	WerFault.exe
2584	WerFault.exe
2584	WerFault.exe
2584	WerFault.exe
2576	Unicorn-10566.exe
2772	Unicorn-46576.exe
2772	Unicorn-46576.exe
2576	Unicorn-10566.exe
2716	Unicorn-31375.exe
2716	Unicorn-31375.exe
2544	Unicorn-54744.exe
2172	Unicorn-28958.exe
2544	Unicorn-54744.exe
2172	Unicorn-28958.exe
1760	WerFault.exe
1760	WerFault.exe
1760	WerFault.exe
1760	WerFault.exe
2580	WerFault.exe
2580	WerFault.exe
2580	WerFault.exe
2580	WerFault.exe
1760	WerFault.exe
2580	WerFault.exe
2792	Unicorn-9622.exe
2792	Unicorn-9622.exe
2576	Unicorn-10566.exe
2576	Unicorn-10566.exe
1924	Unicorn-34127.exe
1924	Unicorn-34127.exe
2544	Unicorn-54744.exe
2544	Unicorn-54744.exe
1940	Unicorn-14261.exe
1940	Unicorn-14261.exe
2772	Unicorn-46576.exe
2852	Unicorn-49586.exe
2772	Unicorn-46576.exe
2852	Unicorn-49586.exe
1840	WerFault.exe
1840	WerFault.exe
1840	WerFault.exe
1840	WerFault.exe
632	WerFault.exe
632	WerFault.exe
632	WerFault.exe
632	WerFault.exe
1840	WerFault.exe
632	WerFault.exe
2284	WerFault.exe
2284	WerFault.exe
2284	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2944	2984	WerFault.exe	27
2584	3048	WerFault.exe	28
1760	2716	WerFault.exe	30
2580	2172	WerFault.exe	29
632	2772	WerFault.exe	32
1840	2576	WerFault.exe	34
2284	2544	WerFault.exe	33
2996	2792	WerFault.exe	36
2604	1924	WerFault.exe	39
548	2916	WerFault.exe	38
2744	2852	WerFault.exe	37
2736	1940	WerFault.exe	40
2808	1660	WerFault.exe	55
308	2004	WerFault.exe	44
536	1236	WerFault.exe	43
1040	1332	WerFault.exe	45
1156	2960	WerFault.exe	46
1352	1160	WerFault.exe	48
1984	964	WerFault.exe	49
1304	672	WerFault.exe	47
2912	2392	WerFault.exe	53
1080	1980	WerFault.exe	54
888	2280	WerFault.exe	57
1180	1348	WerFault.exe	56
1592	900	WerFault.exe	58
2092	1312	WerFault.exe	59
1644	2256	WerFault.exe	61
2664	2976	WerFault.exe	60
2568	1632	WerFault.exe	63
2636	1752	WerFault.exe	64
2368	2980	WerFault.exe	62
576	2812	WerFault.exe	66
2116	2656	WerFault.exe	73
2288	2648	WerFault.exe	74
1852	2632	WerFault.exe	69
2728	1928	WerFault.exe	78
3104	2596	WerFault.exe	75
3156	2692	WerFault.exe	77
3176	1796	WerFault.exe	80
3276	2496	WerFault.exe	85
3284	1240	WerFault.exe	81
3380	3028	WerFault.exe	84
3416	1520	WerFault.exe	86
3440	2560	WerFault.exe	87
3528	2164	WerFault.exe	83
3544	1392	WerFault.exe	88
3708	1124	WerFault.exe	82
3856	2176	WerFault.exe	79
4080	2524	WerFault.exe	76
3788	1100	WerFault.exe	91
4088	1396	WerFault.exe	118
3200	2296	WerFault.exe	92
3236	764	WerFault.exe	117
3552	796	WerFault.exe	119
3808	2040	WerFault.exe	101
3888	1232	WerFault.exe	126
3972	2192	WerFault.exe	105
3168	352	WerFault.exe	116
3164	2236	WerFault.exe	100
3916	1060	WerFault.exe	98
4048	1184	WerFault.exe	139
3568	1580	WerFault.exe	137
3448	1628	WerFault.exe	138
4104	1300	WerFault.exe	142

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2984	2ce06e00b8c1421ca524dba78c017d70_NeikiAnalytics.exe
3048	Unicorn-9118.exe
2172	Unicorn-28958.exe
2716	Unicorn-31375.exe
2772	Unicorn-46576.exe
2576	Unicorn-10566.exe
2544	Unicorn-54744.exe
2792	Unicorn-9622.exe
2852	Unicorn-49586.exe
1940	Unicorn-14261.exe
2916	Unicorn-38957.exe
1924	Unicorn-34127.exe
2004	Unicorn-21199.exe
1236	Unicorn-65377.exe
1332	Unicorn-55105.exe
2960	Unicorn-18711.exe
672	Unicorn-39646.exe
964	Unicorn-14072.exe
1160	Unicorn-19780.exe
2392	Unicorn-28136.exe
1980	Unicorn-11799.exe
1660	Unicorn-34694.exe
1348	Unicorn-9998.exe
2280	Unicorn-54752.exe
900	Unicorn-43054.exe
1312	Unicorn-5551.exe
2976	Unicorn-46776.exe
2256	Unicorn-22080.exe
2980	Unicorn-30248.exe
1632	Unicorn-10382.exe
1752	Unicorn-51415.exe
2812	Unicorn-24322.exe
2632	Unicorn-28960.exe
2656	Unicorn-40658.exe
2648	Unicorn-4648.exe
2524	Unicorn-32682.exe
2596	Unicorn-32682.exe
2692	Unicorn-4840.exe
1928	Unicorn-8369.exe
2176	Unicorn-58447.exe
1796	Unicorn-22245.exe
1240	Unicorn-50471.exe
1124	Unicorn-4757.exe
3028	Unicorn-12925.exe
2164	Unicorn-24623.exe
2496	Unicorn-16455.exe
1520	Unicorn-57295.exe
2560	Unicorn-65463.exe
1392	Unicorn-21093.exe
1100	Unicorn-44353.exe
2296	Unicorn-48992.exe
1060	Unicorn-60305.exe
2028	Unicorn-24103.exe
2236	Unicorn-2936.exe
2040	Unicorn-52329.exe
2096	Unicorn-3128.exe
992	Unicorn-27633.exe
3008	Unicorn-28702.exe
2192	Unicorn-59765.exe
2516	Unicorn-29361.exe
2920	Unicorn-38598.exe
2536	Unicorn-29361.exe
2832	Unicorn-55318.exe
3064	Unicorn-59957.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 3048	2984	2ce06e00b8c1421ca524dba78c017d70_NeikiAnalytics.exe	28
PID 2984 wrote to memory of 3048	2984	2ce06e00b8c1421ca524dba78c017d70_NeikiAnalytics.exe	28
PID 2984 wrote to memory of 3048	2984	2ce06e00b8c1421ca524dba78c017d70_NeikiAnalytics.exe	28
PID 2984 wrote to memory of 3048	2984	2ce06e00b8c1421ca524dba78c017d70_NeikiAnalytics.exe	28
PID 3048 wrote to memory of 2172	3048	Unicorn-9118.exe	29
PID 3048 wrote to memory of 2172	3048	Unicorn-9118.exe	29
PID 3048 wrote to memory of 2172	3048	Unicorn-9118.exe	29
PID 3048 wrote to memory of 2172	3048	Unicorn-9118.exe	29
PID 2984 wrote to memory of 2716	2984	2ce06e00b8c1421ca524dba78c017d70_NeikiAnalytics.exe	30
PID 2984 wrote to memory of 2716	2984	2ce06e00b8c1421ca524dba78c017d70_NeikiAnalytics.exe	30
PID 2984 wrote to memory of 2716	2984	2ce06e00b8c1421ca524dba78c017d70_NeikiAnalytics.exe	30
PID 2984 wrote to memory of 2716	2984	2ce06e00b8c1421ca524dba78c017d70_NeikiAnalytics.exe	30
PID 2984 wrote to memory of 2944	2984	2ce06e00b8c1421ca524dba78c017d70_NeikiAnalytics.exe	31
PID 2984 wrote to memory of 2944	2984	2ce06e00b8c1421ca524dba78c017d70_NeikiAnalytics.exe	31
PID 2984 wrote to memory of 2944	2984	2ce06e00b8c1421ca524dba78c017d70_NeikiAnalytics.exe	31
PID 2984 wrote to memory of 2944	2984	2ce06e00b8c1421ca524dba78c017d70_NeikiAnalytics.exe	31
PID 2716 wrote to memory of 2772	2716	Unicorn-31375.exe	32
PID 2716 wrote to memory of 2772	2716	Unicorn-31375.exe	32
PID 2716 wrote to memory of 2772	2716	Unicorn-31375.exe	32
PID 2716 wrote to memory of 2772	2716	Unicorn-31375.exe	32
PID 2172 wrote to memory of 2544	2172	Unicorn-28958.exe	33
PID 2172 wrote to memory of 2544	2172	Unicorn-28958.exe	33
PID 2172 wrote to memory of 2544	2172	Unicorn-28958.exe	33
PID 2172 wrote to memory of 2544	2172	Unicorn-28958.exe	33
PID 3048 wrote to memory of 2576	3048	Unicorn-9118.exe	34
PID 3048 wrote to memory of 2576	3048	Unicorn-9118.exe	34
PID 3048 wrote to memory of 2576	3048	Unicorn-9118.exe	34
PID 3048 wrote to memory of 2576	3048	Unicorn-9118.exe	34
PID 3048 wrote to memory of 2584	3048	Unicorn-9118.exe	35
PID 3048 wrote to memory of 2584	3048	Unicorn-9118.exe	35
PID 3048 wrote to memory of 2584	3048	Unicorn-9118.exe	35
PID 3048 wrote to memory of 2584	3048	Unicorn-9118.exe	35
PID 2772 wrote to memory of 2852	2772	Unicorn-46576.exe	37
PID 2772 wrote to memory of 2852	2772	Unicorn-46576.exe	37
PID 2772 wrote to memory of 2852	2772	Unicorn-46576.exe	37
PID 2772 wrote to memory of 2852	2772	Unicorn-46576.exe	37
PID 2576 wrote to memory of 2792	2576	Unicorn-10566.exe	36
PID 2576 wrote to memory of 2792	2576	Unicorn-10566.exe	36
PID 2576 wrote to memory of 2792	2576	Unicorn-10566.exe	36
PID 2576 wrote to memory of 2792	2576	Unicorn-10566.exe	36
PID 2716 wrote to memory of 2916	2716	Unicorn-31375.exe	38
PID 2716 wrote to memory of 2916	2716	Unicorn-31375.exe	38
PID 2716 wrote to memory of 2916	2716	Unicorn-31375.exe	38
PID 2716 wrote to memory of 2916	2716	Unicorn-31375.exe	38
PID 2172 wrote to memory of 1940	2172	Unicorn-28958.exe	40
PID 2172 wrote to memory of 1940	2172	Unicorn-28958.exe	40
PID 2172 wrote to memory of 1940	2172	Unicorn-28958.exe	40
PID 2172 wrote to memory of 1940	2172	Unicorn-28958.exe	40
PID 2544 wrote to memory of 1924	2544	Unicorn-54744.exe	39
PID 2544 wrote to memory of 1924	2544	Unicorn-54744.exe	39
PID 2544 wrote to memory of 1924	2544	Unicorn-54744.exe	39
PID 2544 wrote to memory of 1924	2544	Unicorn-54744.exe	39
PID 2716 wrote to memory of 1760	2716	Unicorn-31375.exe	41
PID 2716 wrote to memory of 1760	2716	Unicorn-31375.exe	41
PID 2716 wrote to memory of 1760	2716	Unicorn-31375.exe	41
PID 2716 wrote to memory of 1760	2716	Unicorn-31375.exe	41
PID 2172 wrote to memory of 2580	2172	Unicorn-28958.exe	42
PID 2172 wrote to memory of 2580	2172	Unicorn-28958.exe	42
PID 2172 wrote to memory of 2580	2172	Unicorn-28958.exe	42
PID 2172 wrote to memory of 2580	2172	Unicorn-28958.exe	42
PID 2792 wrote to memory of 1236	2792	Unicorn-9622.exe	43
PID 2792 wrote to memory of 1236	2792	Unicorn-9622.exe	43
PID 2792 wrote to memory of 1236	2792	Unicorn-9622.exe	43
PID 2792 wrote to memory of 1236	2792	Unicorn-9622.exe	43

C:\Users\Admin\AppData\Local\Temp\2ce06e00b8c1421ca524dba78c017d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2ce06e00b8c1421ca524dba78c017d70_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9118.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9118.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28958.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28958.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54744.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34127.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55105.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54752.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32682.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2796.exe
        10⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63476.exe
        11⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2646.exe
        12⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61518.exe
        13⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60375.exe
        14⤵
        
        PID:10236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 220
        14⤵
        
        PID:11480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
        13⤵
        
        PID:8672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
        12⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 236
        11⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19106.exe
        10⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11219.exe
        11⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59567.exe
        12⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18819.exe
        13⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
        14⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10836 -s 236
        14⤵
        
        PID:12688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 236
        13⤵
        
        PID:11880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
        12⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
        11⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
        10⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        9⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25262.exe
        10⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63357.exe
        11⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5031.exe
        12⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36862.exe
        13⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25984.exe
        14⤵
        
        PID:11456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9984 -s 216
        14⤵
        
        PID:12432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 216
        13⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
        12⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 236
        11⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51852.exe
        10⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39240.exe
        11⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26774.exe
        12⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16171.exe
        13⤵
        
        PID:11796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42985.exe
        14⤵
        
        PID:12748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11796 -s 216
        14⤵
        
        PID:12940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9816 -s 236
        13⤵
        
        PID:12636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 216
        12⤵
        
        PID:11060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
        11⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 220
        10⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 220
        9⤵
        Program crash
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35260.exe
        8⤵
        Executes dropped EXE
        
        PID:2664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
        8⤵
        Program crash
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4840.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38598.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41005.exe
        9⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48666.exe
        10⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37621.exe
        11⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47365.exe
        12⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54339.exe
        13⤵
        
        PID:12496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10040 -s 216
        13⤵
        
        PID:12816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 216
        12⤵
        
        PID:10676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 216
        11⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
        10⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 216
        9⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54716.exe
        8⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14275.exe
        9⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45791.exe
        10⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7034.exe
        11⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 220
        12⤵
        
        PID:10280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 216
        11⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
        10⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 236
        9⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
        8⤵
        Program crash
        
        PID:3156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 240
        7⤵
        Program crash
        
        PID:1040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43054.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8369.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27633.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24504.exe
        9⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54815.exe
        10⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3030.exe
        11⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53651.exe
        12⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1854.exe
        13⤵
        
        PID:9796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 216
        13⤵
        
        PID:10984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 216
        12⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
        11⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 236
        10⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10362.exe
        9⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59823.exe
        10⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4808.exe
        11⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11257.exe
        12⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17931.exe
        13⤵
        
        PID:12544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 216
        12⤵
        
        PID:11632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
        11⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
        10⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 220
        9⤵
        
        PID:4680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 236
        8⤵
        Program crash
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59765.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32672.exe
        8⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36175.exe
        9⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10103.exe
        10⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18758.exe
        11⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16847.exe
        12⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
        13⤵
        
        PID:11848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9644 -s 236
        13⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 216
        12⤵
        
        PID:11312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
        11⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
        10⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 236
        9⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8141.exe
        8⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31069.exe
        9⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4071.exe
        10⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51579.exe
        11⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45263.exe
        12⤵
        
        PID:13060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 216
        11⤵
        
        PID:10884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
        10⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
        8⤵
        Program crash
        
        PID:3972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 240
        7⤵
        Program crash
        
        PID:1592
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
        6⤵
        Program crash
        
        PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18711.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5551.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58447.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9236.exe
        9⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40481.exe
        10⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31570.exe
        11⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        12⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
        13⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9528 -s 216
        13⤵
        
        PID:12628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6160 -s 216
        12⤵
        
        PID:9640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
        11⤵
        
        PID:7280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 216
        10⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46024.exe
        9⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36196.exe
        10⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35753.exe
        11⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28554.exe
        12⤵
        
        PID:9856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7252 -s 216
        12⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
        11⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
        10⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
        9⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
        8⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42921.exe
        9⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30654.exe
        10⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34570.exe
        11⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57215.exe
        12⤵
        
        PID:10288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 216
        12⤵
        
        PID:12024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 216
        11⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
        10⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 236
        9⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 220
        8⤵
        Program crash
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59957.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43829.exe
        8⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32532.exe
        9⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5635.exe
        10⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
        11⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42721.exe
        12⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55579.exe
        13⤵
        
        PID:12236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10060 -s 216
        13⤵
        
        PID:12716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 216
        12⤵
        
        PID:10652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
        11⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
        10⤵
        
        PID:6496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 236
        9⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61867.exe
        8⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44193.exe
        9⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4009.exe
        10⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14750.exe
        11⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
        12⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10616 -s 216
        12⤵
        
        PID:12680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 216
        11⤵
        
        PID:12096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 216
        10⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
        9⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
        8⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 240
        7⤵
        Program crash
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22245.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27685.exe
        8⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49060.exe
        9⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49221.exe
        10⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        11⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
        12⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34344.exe
        13⤵
        
        PID:11552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 236
        13⤵
        
        PID:12488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 216
        12⤵
        
        PID:11036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
        11⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 236
        10⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
        9⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30496.exe
        10⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38045.exe
        11⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31433.exe
        12⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9912 -s 216
        12⤵
        
        PID:12948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 216
        11⤵
        
        PID:10552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 216
        10⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 220
        9⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54083.exe
        8⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3544.exe
        9⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34570.exe
        10⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57215.exe
        11⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
        12⤵
        
        PID:12796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10244 -s 216
        12⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7940 -s 216
        11⤵
        
        PID:12016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 236
        10⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
        9⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
        8⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32707.exe
        7⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38588.exe
        8⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36196.exe
        9⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6458.exe
        10⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20526.exe
        11⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22881.exe
        12⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54339.exe
        13⤵
        
        PID:12504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 216
        13⤵
        
        PID:8844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10092 -s 216
        12⤵
        
        PID:12404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 216
        11⤵
        
        PID:11120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
        10⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
        9⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 236
        8⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
        7⤵
        Program crash
        
        PID:3176
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
        6⤵
        Program crash
        
        PID:1156
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14261.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39646.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30248.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65463.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
        8⤵
        Program crash
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
        7⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52381.exe
        8⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49553.exe
        9⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32574.exe
        10⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34072.exe
        11⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
        11⤵
        
        PID:9288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
        10⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 236
        9⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 236
        8⤵
        Program crash
        
        PID:4088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
        7⤵
        Program crash
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47150.exe
        7⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35661.exe
        8⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-544.exe
        9⤵
        
        PID:3076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 220
        10⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 468 -s 236
        9⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7487.exe
        8⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37953.exe
        9⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17679.exe
        10⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18724.exe
        11⤵
        
        PID:11560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13804.exe
        12⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11560 -s 216
        12⤵
        
        PID:12428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 216
        11⤵
        
        PID:4612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 236
        10⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
        9⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
        8⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48468.exe
        7⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24556.exe
        8⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
        9⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
        10⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17698.exe
        11⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
        12⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7180 -s 216
        11⤵
        
        PID:11472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
        10⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
        9⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 236
        8⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 240
        7⤵
        Program crash
        
        PID:3544
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 240
        6⤵
        Program crash
        
        PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51415.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57295.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe
        7⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11156.exe
        8⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57337.exe
        9⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22185.exe
        10⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10340.exe
        11⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64532.exe
        12⤵
        
        PID:10324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 216
        12⤵
        
        PID:11948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
        11⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
        10⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 236
        9⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13159.exe
        8⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30462.exe
        9⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45893.exe
        10⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5705.exe
        11⤵
        
        PID:11420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 216
        11⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 216
        10⤵
        
        PID:9032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
        9⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 220
        8⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24347.exe
        7⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-160.exe
        8⤵
        
        PID:3756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 220
        9⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 236
        8⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 240
        7⤵
        Program crash
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35644.exe
        6⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19517.exe
        7⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25646.exe
        8⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14348.exe
        9⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37896.exe
        10⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53198.exe
        11⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1895.exe
        12⤵
        
        PID:12312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 216
        11⤵
        
        PID:11104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
        10⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
        9⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
        8⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29920.exe
        9⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20526.exe
        10⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
        11⤵
        
        PID:12864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10080 -s 216
        11⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 216
        10⤵
        
        PID:11132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
        9⤵
        
        PID:7620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 220
        8⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 236
        7⤵
        Program crash
        
        PID:3236
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
        6⤵
        Program crash
        
        PID:2636
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
        5⤵
        Program crash
        
        PID:2736
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10566.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10566.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9622.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65377.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11799.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60305.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47472.exe
        9⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54410.exe
        10⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39538.exe
        11⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44912.exe
        12⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13239.exe
        13⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8028.exe
        14⤵
        
        PID:11812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21480.exe
        15⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11812 -s 216
        15⤵
        
        PID:12612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10128 -s 236
        14⤵
        
        PID:11740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 216
        13⤵
        
        PID:10740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
        12⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 216
        11⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 236
        10⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27253.exe
        9⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14457.exe
        10⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7335.exe
        11⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4848.exe
        12⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-808.exe
        13⤵
        
        PID:12760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 220
        12⤵
        
        PID:10312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
        11⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 236
        10⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 240
        9⤵
        Program crash
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
        8⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12054.exe
        9⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1722.exe
        10⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46033.exe
        11⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24325.exe
        12⤵
        
        PID:10296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 216
        12⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
        11⤵
        
        PID:8716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
        10⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 236
        9⤵
        Program crash
        
        PID:3568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
        8⤵
        Program crash
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24103.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23160.exe
        8⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10985.exe
        9⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63850.exe
        10⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19941.exe
        11⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45938.exe
        12⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1479.exe
        13⤵
        
        PID:11340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9764 -s 236
        13⤵
        
        PID:12456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 216
        12⤵
        
        PID:10384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
        11⤵
        
        PID:7624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        10⤵
        
        PID:6088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 236
        9⤵
        Program crash
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8525.exe
        8⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18058.exe
        9⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46417.exe
        10⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32685.exe
        11⤵
        
        PID:10344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 236
        11⤵
        
        PID:11640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
        10⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 236
        9⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
        8⤵
        
        PID:4144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 220
        7⤵
        Program crash
        
        PID:1080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4648.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2936.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55832.exe
        8⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12246.exe
        9⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30986.exe
        10⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46256.exe
        11⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9586.exe
        12⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59928.exe
        13⤵
        
        PID:12292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9348 -s 236
        13⤵
        
        PID:12676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 216
        12⤵
        
        PID:10956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 216
        11⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
        10⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 236
        9⤵
        Program crash
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41581.exe
        8⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33818.exe
        9⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17383.exe
        10⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15638.exe
        10⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31087.exe
        11⤵
        
        PID:11256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 220
        11⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 220
        10⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
        9⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
        8⤵
        Program crash
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21358.exe
        7⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52210.exe
        8⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32330.exe
        9⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14434.exe
        10⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57796.exe
        11⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39729.exe
        12⤵
        
        PID:12708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 216
        11⤵
        
        PID:11240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
        10⤵
        
        PID:8288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
        9⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
        7⤵
        Program crash
        
        PID:2288
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 240
        6⤵
        Program crash
        
        PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34694.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
        6⤵
        Program crash
        
        PID:2808
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
        5⤵
        Program crash
        
        PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21199.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24322.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44353.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38619.exe
        8⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13953.exe
        9⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1312.exe
        10⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37239.exe
        11⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12400.exe
        12⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-671.exe
        13⤵
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24526.exe
        14⤵
        
        PID:932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10496 -s 216
        14⤵
        
        PID:12964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 216
        13⤵
        
        PID:11756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 216
        12⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
        11⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 236
        10⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29303.exe
        9⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40742.exe
        10⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45426.exe
        11⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47890.exe
        12⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44624.exe
        13⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11384 -s 236
        13⤵
        
        PID:12972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 220
        12⤵
        
        PID:12168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 216
        11⤵
        
        PID:8632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
        10⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 240
        9⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43288.exe
        8⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41577.exe
        9⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18843.exe
        10⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24529.exe
        11⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8620 -s 220
        12⤵
        
        PID:12260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 216
        11⤵
        
        PID:9484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
        10⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 236
        9⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 240
        8⤵
        Program crash
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59978.exe
        7⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63154.exe
        8⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34369.exe
        9⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13448.exe
        10⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61097.exe
        10⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44127.exe
        11⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56513.exe
        12⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9592 -s 216
        12⤵
        
        PID:12980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 216
        11⤵
        
        PID:9312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 240
        10⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 236
        9⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64773.exe
        8⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38612.exe
        9⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5525.exe
        10⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
        11⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9392 -s 216
        11⤵
        
        PID:12620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
        10⤵
        
        PID:9724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
        9⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
        8⤵
        
        PID:5336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
        7⤵
        Program crash
        
        PID:576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46979.exe
        7⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4633.exe
        8⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63528.exe
        9⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5249.exe
        10⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10577.exe
        11⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62180.exe
        12⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9624 -s 236
        12⤵
        
        PID:13172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
        11⤵
        
        PID:9368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
        10⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 236
        9⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 236
        8⤵
        Program crash
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33968.exe
        7⤵
        
        PID:588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 240
        8⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
        7⤵
        Program crash
        
        PID:3200
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
        6⤵
        Program crash
        
        PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28960.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52329.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57560.exe
        7⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4270.exe
        8⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41266.exe
        9⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64403.exe
        10⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59913.exe
        11⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51179.exe
        12⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 220
        11⤵
        
        PID:9428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 236
        10⤵
        
        PID:7796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 236
        9⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 236
        8⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58110.exe
        7⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22517.exe
        8⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        9⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12772.exe
        10⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48568.exe
        11⤵
        
        PID:2244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9992 -s 236
        11⤵
        
        PID:12380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
        10⤵
        
        PID:10632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 236
        9⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
        8⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
        7⤵
        Program crash
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46055.exe
        6⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12438.exe
        7⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65173.exe
        8⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
        9⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20474.exe
        10⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20598.exe
        11⤵
        
        PID:12516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9864 -s 216
        11⤵
        
        PID:8828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 216
        10⤵
        
        PID:10476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 236
        9⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
        8⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 236
        7⤵
        Program crash
        
        PID:4104
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
        6⤵
        Program crash
        
        PID:1852
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
        5⤵
        Program crash
        
        PID:308
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1840
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2584
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31375.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31375.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49586.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14072.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22080.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50471.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55318.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19517.exe
        9⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59641.exe
        10⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        11⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20730.exe
        12⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22125.exe
        13⤵
        
        PID:11344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 220
        13⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
        12⤵
        
        PID:8664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
        11⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 236
        10⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14503.exe
        9⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5555.exe
        10⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8026.exe
        11⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25984.exe
        12⤵
        
        PID:11592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9336 -s 216
        12⤵
        
        PID:12440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
        11⤵
        
        PID:10152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
        10⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 220
        9⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57020.exe
        8⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22444.exe
        9⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21588.exe
        10⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29645.exe
        11⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
        12⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39154.exe
        13⤵
        
        PID:12924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6756 -s 216
        12⤵
        
        PID:10408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 216
        11⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 236
        10⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 236
        9⤵
        
        PID:4716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 240
        8⤵
        Program crash
        
        PID:3284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 236
        7⤵
        Program crash
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4757.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14477.exe
        7⤵
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59454.exe
        8⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30794.exe
        9⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
        10⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30561.exe
        11⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
        12⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10228 -s 236
        12⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 216
        11⤵
        
        PID:10904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 236
        10⤵
        
        PID:7740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
        9⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 216
        8⤵
        Program crash
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64996.exe
        7⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2656.exe
        8⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53129.exe
        9⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21145.exe
        10⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8071.exe
        11⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12154.exe
        12⤵
        
        PID:12332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10584 -s 216
        12⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 236
        11⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
        10⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
        9⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
        8⤵
        
        PID:4764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 240
        7⤵
        Program crash
        
        PID:3708
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 240
        6⤵
        Program crash
        
        PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10382.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16455.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55318.exe
        7⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27685.exe
        8⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57721.exe
        9⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2506.exe
        10⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe
        11⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10202.exe
        12⤵
        
        PID:11356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8564 -s 216
        12⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 216
        11⤵
        
        PID:9476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
        10⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 216
        9⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38047.exe
        8⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22294.exe
        9⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29173.exe
        10⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7822.exe
        11⤵
        
        PID:11164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 216
        11⤵
        
        PID:12008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
        9⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 220
        8⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32707.exe
        7⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30804.exe
        8⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60612.exe
        9⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50714.exe
        10⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24268.exe
        11⤵
        
        PID:11232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7900 -s 216
        11⤵
        
        PID:11928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 216
        10⤵
        
        PID:9152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
        9⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 236
        8⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
        7⤵
        Program crash
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9687.exe
        6⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60357.exe
        7⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16772.exe
        8⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35833.exe
        9⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63635.exe
        10⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49628.exe
        11⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30665.exe
        12⤵
        
        PID:6240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9472 -s 216
        12⤵
        
        PID:13004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
        11⤵
        
        PID:11244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
        10⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
        9⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 236
        8⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45915.exe
        7⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5765.exe
        8⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35504.exe
        9⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63925.exe
        10⤵
        
        PID:11584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 236
        10⤵
        
        PID:12244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 216
        9⤵
        
        PID:9224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
        8⤵
        
        PID:7116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
        7⤵
        
        PID:5064
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
        6⤵
        Program crash
        
        PID:2568
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
        5⤵
        Program crash
        
        PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19780.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46776.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24623.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
        7⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2988.exe
        8⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38780.exe
        9⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43892.exe
        10⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27362.exe
        11⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-614.exe
        12⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24526.exe
        13⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10860 -s 216
        13⤵
        
        PID:12956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 216
        12⤵
        
        PID:12000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
        11⤵
        
        PID:9144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
        10⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 236
        9⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2770.exe
        8⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31981.exe
        9⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6650.exe
        10⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20059.exe
        11⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51703.exe
        12⤵
        
        PID:13044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 216
        11⤵
        
        PID:11068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
        10⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
        9⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 220
        8⤵
        Program crash
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16179.exe
        7⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23788.exe
        8⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47405.exe
        9⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54616.exe
        10⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28310.exe
        11⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48376.exe
        12⤵
        
        PID:12108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10212 -s 236
        12⤵
        
        PID:12372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 216
        11⤵
        
        PID:10372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
        10⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
        9⤵
        
        PID:5760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 236
        8⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
        7⤵
        Program crash
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        6⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1068.exe
        7⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8333.exe
        7⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        8⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36547.exe
        9⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52124.exe
        10⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7836.exe
        11⤵
        
        PID:11712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10076 -s 216
        11⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 220
        10⤵
        
        PID:11184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
        9⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
        8⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 220
        7⤵
        
        PID:4392
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
        6⤵
        Program crash
        
        PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12925.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29553.exe
        6⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2988.exe
        7⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48868.exe
        8⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36217.exe
        9⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
        10⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55399.exe
        11⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29731.exe
        12⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45050.exe
        13⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 236
        13⤵
        
        PID:13296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11228 -s 216
        12⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 216
        11⤵
        
        PID:12064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 216
        10⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
        9⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 236
        8⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62059.exe
        7⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36409.exe
        8⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17767.exe
        9⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57324.exe
        10⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23317.exe
        11⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11260 -s 216
        11⤵
        
        PID:12400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 216
        10⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 216
        9⤵
        
        PID:9044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
        8⤵
        
        PID:7100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
        7⤵
        
        PID:4784
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 236
        6⤵
        Program crash
        
        PID:3380
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 240
        5⤵
        Program crash
        
        PID:1352
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9998.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32682.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24504.exe
        7⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44535.exe
        8⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9278.exe
        9⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52307.exe
        10⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52124.exe
        11⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62512.exe
        12⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10032 -s 216
        12⤵
        
        PID:12588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 220
        11⤵
        
        PID:11016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
        10⤵
        
        PID:8412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
        9⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 236
        8⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51094.exe
        7⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15802.exe
        8⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
        9⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61122.exe
        10⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        11⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48013.exe
        12⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6152 -s 216
        12⤵
        
        PID:12360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9828 -s 236
        11⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 236
        10⤵
        
        PID:10416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 236
        9⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 236
        8⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
        7⤵
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12998.exe
        6⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54623.exe
        7⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35511.exe
        8⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20626.exe
        9⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45554.exe
        10⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45294.exe
        11⤵
        
        PID:12552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9704 -s 216
        11⤵
        
        PID:12804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 236
        10⤵
        
        PID:10332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 236
        9⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
        8⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 236
        7⤵
        
        PID:4408
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
        6⤵
        Program crash
        
        PID:3104
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 236
        5⤵
        Program crash
        
        PID:1180
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 216
      4⤵
      Program crash
      PID:548
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1760
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
  2⤵
  - Program crash
  PID:2944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10566.exe

Filesize
184KB

MD5
49d00dda75576d5834dbe1ddc1b5bcb8

SHA1
713189456379c35859fab5f1254e756892afead1

SHA256
f04080126b352d9d552d72102f14bc142acf11b511ea73dc3cdde7a6770959d5

SHA512
a61f650a7e7dcadaee5a0e8fd67c4ddd4a728685d98dbac2e87e1dbed62da69c62f85cb599495b160fa9a5ddb1e7058f22ecaadf4ea42c82f292b58cba48e59d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14261.exe

Filesize
184KB

MD5
f4f8eaca1da669690ccf9780583d78ab

SHA1
09484bb664f6bcccf95ff3c5bfb96c4986ddba8c

SHA256
39ce84e6d77ee2b1f3a55e718bee8fc3156ff9c85cf0f552f03625622ed91ab7

SHA512
caedbd1ea4d9aecf075faf6d34d65a92a68d71e336ce8be4b8a68b39e5aa5a71271d16ffbdd9676fdbb13eba2b45ad4f41c2dc41d6c6548757e915a9edf7adb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22881.exe

Filesize
184KB

MD5
fb4d12d3acdfd63b0c64ebe9d60def67

SHA1
5eb6e2abed499f01f14888a45b7270fd941a9901

SHA256
1d3dc4abb8b1de9cd6d97141f6b40440ee57c6a5513ab89ce23213d7375f35df

SHA512
5ce9367190ac703967bb4352a589eb3f1070f0c2e9766c0d684055c148916669361311c3dde386f5d6543e5c32793ac61b2284fa515d49a3312e5e487e3b2f96

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30462.exe

Filesize
184KB

MD5
2335efc8f153a7b157d81635241cca5b

SHA1
c24ceb6e6df9d16080f2f3f74d8dd23949d847b8

SHA256
0370143f490858007ae97ec67d290dab5231f27794e4b39131c1d48629fbba96

SHA512
5569671e11d336630d6e25c7b37a413d6eea714dfc5f9d9ca1ccd2e54cdfab9a158ab7b0fb06fe074ed313fbe9ed05fa4889dcd8be75050a3a96fda338b4b7cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30665.exe

Filesize
184KB

MD5
ff9856b6aae916224db2d14caf3c7c4c

SHA1
0f2c2cbe6f3f879ae20ade73d4ed63ece7922627

SHA256
dcf4c5dac467d8a581cab07ef1e72023f1396c0b81b14488a11c46387514de28

SHA512
158b60d6dc245122ff39b6075a022754fccca98f9083324e9d165765ff53214c56a79a6bca34095993808710c01b6b9e9b29a988b717b56207393b2583ed041b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38588.exe

Filesize
184KB

MD5
c456a26990123bce69429d65b9e2c0ea

SHA1
b194c0ec1faba8332b608bf84c97f113ada3b9d2

SHA256
16672e7eca5b369a642967421e3b5b9a92f29ce11e6ebaa9261d426e837a33d6

SHA512
8c974fa5dacd789d6e73ac128a000a3cbaa601645a983cc3af9c089a9026399bf640e5ab60d14429c823db5a2d78213cea2537ce970a29b3d79e2427968e80e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe

Filesize
184KB

MD5
224bf5604cbb47d55cf6e5095af570a6

SHA1
7bd87bd07c90e82146c4d587f8731e5f3cf37858

SHA256
a082158a4baeecb700997b4fbb42ab077142de06f86b3f259f7cf89a039da977

SHA512
c4b58f4ba822aa0781545eca2bdc30be74e529ed5dd3c515976a22c3e17ec558bff5f752aa436d661a97e3f13e02999c6d18a14cfebe4f7856d6818e81b5c2f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40481.exe

Filesize
184KB

MD5
070da907dfc62cffd3cf766239345e9b

SHA1
af2334f0daa154544af87d5d79d61a5ce32581ac

SHA256
5a3de6641085d2d8baf809a6f784976f4bd70b49a62be49758f16611c46ed1ef

SHA512
82036e0db1fa62a30f85b4f62abe194bce31f3807f9394acebf7083ba848ddf952647eabee8b4eba2160a0b1ea23b55d1dfb880c6aa218a5d982245507cba2d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41005.exe

Filesize
184KB

MD5
9a054abb5aeb69f6358acbe339e145bc

SHA1
35ecf591e032a5dce378397240e1d6eb150d1359

SHA256
db870bcbd60697be336677de9ccef150a136c3ee15cac6d0a468910ce66e9bb5

SHA512
0ff067a8d5559e19ec86dcfa5740b320e19b34ae23c870abf5ce31657b9d5dc8e5eee3208924e45c6bdbcbb252363a0a007fc1785ff334065ba951e6ca6fe853

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45791.exe

Filesize
184KB

MD5
b10964e749d446bb1384d97645f260b9

SHA1
e9c7011d4b5b9628232ff5a71dd092fe50d4a265

SHA256
bb9a4bb02027dd1c17809d22a6df3a2f2a6830136cf3b17fe5a703cfc73cef5c

SHA512
77695b86126d5a78abbb6917587d782fdb0450126024d669fd1a886169690c11f5ad607e544fa7afe1b444362b537f6176e7ceef353e3ab8d7863a80634de438

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54744.exe

Filesize
184KB

MD5
e08859a72c1138bd963f95a5c1bcc5a8

SHA1
4e4984cd0c00beec34853e9a6893d45e84a70b1b

SHA256
5c15645b71921e99846cf26ce0c51aa8869e4a848f2d4458c79899727515d040

SHA512
227b2aa7866aa42a81fdb5eff007fa5cdca2cc531ad8b7b63293bd2cd17d8f7edeb7c48528f0653de0bddb675a9b289653ce43c40e40e66608843990de4cd522

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55105.exe

Filesize
184KB

MD5
cbb3e4b69c5e324e53689eb14db55dae

SHA1
febad96f7df3d5f99c5094aa5d2f520e8e5b5243

SHA256
eefcbec20111df4ce683bcf65a8d0966b2b3e0821685fe75b6a89d80a5c7b01a

SHA512
836fdd42c3a0d6d3733bd71db75b64b5d5545e0e418d5195b24a9ad61470cbf9c52b85652368c15cc52a1a678269a1b411353063a08f87662a817e52da4b19fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5551.exe

Filesize
184KB

MD5
f5f97ad21c0436961d8e36d5aa24e08d

SHA1
488aa258c4421043217784fc37bf23d2c686ca03

SHA256
04dad7ba86c715be7d12927f681a3954dc4189083996418eb266b56de6e839f1

SHA512
6dc70ed9095a2ec60c77c38db2a194fcbd9326a6e64168a927734a77988ff4790463a3d07ffa770334f579b4ae0effdd7291de77f0e6da6c0ab612346cbe2583

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5555.exe

Filesize
184KB

MD5
707825756569d621d2788990a2859ccd

SHA1
d8ebcca0a0febd8e4b939b02063a07bf427971b0

SHA256
11239a1d6b2b1d3923a2ff9c811b2c4a3a3ec5723375d5cc430a55c23e709ddb

SHA512
adc1b4efae7940d9ca2ccf766e309fffc1755f62da35164ccac73b1e6c7ec00bf10ddf8aff9b5f0bc4a81931479fb47a48c79f2163949a777ff5a5aad189d6d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe

Filesize
184KB

MD5
9443a5bce47847cd85caabd7eac131d2

SHA1
baaccb34a2916890a3ca69ac8286d81b8dc51a34

SHA256
05b6e194d44e0d2aec774a9b5eef47151b11f4928c077b27ede1bfb554707543

SHA512
8eb11104af9ffdc06363d287bcf34c33f9bda79e83de5ab0682fdd932eba4c1c7fe60414573a6e9fb98720e2885b0b0713d3e4b44996bf5850b75447303bd99c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63850.exe

Filesize
184KB

MD5
f0ee60a6a6fdd72b160f4d8957eb877e

SHA1
1320994f028cb6adcd2750beced8ed3363977608

SHA256
dc9d62e0a5b2a378ac060e532058519394ec2f56ec0b62c8eae26a3b0dffac75

SHA512
b65a8aab9b1caa75342e9a8bc1fa445ac27df6543007113937fb2be3fb8265930e054fa336cf496addad4d3584889e01a3a9542ef7746cecfc01a5fe79c06d06

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21199.exe

Filesize
184KB

MD5
6d109e71372e34c717939566b11059ce

SHA1
7eeb78ad05ec334268cb28e09a854dbe7ede4fed

SHA256
fa58a1812826683b00016a10e07ee335a9321e6e1d9d397aa798e6894e8f0884

SHA512
d1de7437fbf7e8105a61babc4b4a274f7d6679659db97bfe10d6262f1998f16785315ccef772d3dc46bc3216a23a520b7ba2184d021b051744147c583b09847a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28958.exe

Filesize
184KB

MD5
ef332b4988421a0491afe099bf2443a4

SHA1
54c23287da468837d5d8198a6472c4d7d0121a15

SHA256
07c04be7fc54c3ad41cf092866345add4b5d9968cdb773ad8186661f835a07e0

SHA512
6ddbb6127a318ba695bcaf1be714c78245b49f8c66a1e6d8aba12f602c712d0039392ddd30fee54b188e2bb52707a27efcaa68ea5c9093a20f696fa18b929c72

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31375.exe

Filesize
184KB

MD5
62c1a8161ad9f434b28c7900f960edad

SHA1
14a748927fcc57b36e84a956560f7cf1a880a152

SHA256
35d2cefb08c5e255cb0bceceda1629891049807b9579d0384984389aa3526da4

SHA512
0b61f451997a044d11a6afffb88d7ee02113339b177cd05f6a6f25a802f982b997cf1a59051c35abab60c6ad593b6a8c319c6e24b6558d87629e76d02237403c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34127.exe

Filesize
184KB

MD5
e747d0e6af8fde7194fd0c3925467cac

SHA1
d927de86d40fd53b5c36779c16c1e3bf9c2238e0

SHA256
68ba2b9cedf55b7efc89ee7bdcd6034e92ff1f7f1fde9212a58448781e8d7c92

SHA512
e441df6a9b8420558ac939f1df30bc38dd7bb33e0b8ce03dac54fc92e577bb5d5a03c26ff70e15c52def1436042369905e71ccfa18ef3e4064513f676101e357

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe

Filesize
184KB

MD5
798614469963aeec580cdb8438bad109

SHA1
b2e1de59e7bf126fa6923e1b40f4489111fbd922

SHA256
b0c18b615cc048fabf6910cbbc44bf30fff836852486bd2b22221ebe2823045b

SHA512
a73470be0663a4e257244f69f9ba82618419a92da55fe752afb504c41cb2b25be4624d4fbb1f271455dfce736469a0ba78fdabef07bd17fa7440a481c8cb4e57

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49586.exe

Filesize
184KB

MD5
b9e2483eee3562d139932e5c38f89a29

SHA1
a8a9fe3dd7c576ef55076beb18467b00dd40ce13

SHA256
12164f1a09a0cdf2262c1f6cdec09b763310a4e160637d2ac577769319ef3899

SHA512
aeba636be61eb745d7a26797cd68e86f6afd858512d9e0347c703351bea3df811745a9a5d86162bbaef8f59353e3305f828f96e9ecf2a01dfb95706a9bc197fb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65377.exe

Filesize
184KB

MD5
6ba3366773e6e87ddd533b19b1e5358b

SHA1
4d81b4ea667b503a1f6c42e55b338776de25e485

SHA256
9b5deb6372689fbb9c36c0f84c3c4cd2a985c658cdc95eb1445efc253a76cf04

SHA512
fd3e33ad4435c03ec360603fb07803cbda709fefa796a011bcdf9e8852648652ab0d08e54c4b3992aeb5ae73809df12a4a2c8b0671dd65bf335505ea96862c98

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9118.exe

Filesize
184KB

MD5
411a01aa395a5b11139e56934715af7f

SHA1
0f7d881a907f845ab7924aa645d1a3a227ef8222

SHA256
186c7c798f8c7e75cf69153552405ced59ffec860ead9c86e1d7919754027d16

SHA512
f8182705eee2ea8dc80964fd1720f0a19a66d610552243d7f67c4251129933a0108d591f1b0c31775ee5c8407fb4d81fbfd06220dbd87fca3ecd52084d95dd2f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9622.exe

Filesize
184KB

MD5
9d13f96195f6dfadc985ceaf19ed3e76

SHA1
a437d09e90258558db60c40e27d68567170fb983

SHA256
30e81b6951f1abfbd68265d1327213a858651d38a43f4e768c5b313094bf0889

SHA512
d3076a60f2fcf946030c011b71f39f946335c96dbfaa7fc7a420bba136c5c554a859d7e4dad0e182c824ea55bc2c9e5958c0407154637ad4bd9a7478ca9aee9e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads