3bf5b14500edbbaba06ecc3a49a7ef9ed564af7b40d1eecfc85f61d82c28871a

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/05/2024, 20:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3bf5b14500edbbaba06ecc3a49a7ef9ed564af7b40d1eecfc85f61d82c28871a.exe
Size

184KB
MD5

a9496c1d921e486cd88b47eb2850e84a
SHA1

34cfbbd259c27d0ecdc4908771d1a5e0a6fecfb7
SHA256

3bf5b14500edbbaba06ecc3a49a7ef9ed564af7b40d1eecfc85f61d82c28871a
SHA512

b9387068367056a3817486f411d52816a2e3968cb545fd67eba8eae7ed84af21a56daee4d01768fffbd0d287775884eafd5b4ac79bb67c402279ab04fad54b42
SSDEEP

3072:xG9Zb8ofERhTdFaWxq7LRtnqhlnViFEn3:xGYokJFaBLbnqhlnViFE

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2128	Unicorn-62491.exe
2668	Unicorn-27249.exe
2556	Unicorn-47115.exe
1724	Unicorn-20556.exe
2404	Unicorn-35500.exe
2472	Unicorn-55366.exe
2636	Unicorn-22777.exe
2488	Unicorn-37721.exe
804	Unicorn-41805.exe
2336	Unicorn-26861.exe
448	Unicorn-26607.exe
996	Unicorn-14909.exe
1456	Unicorn-34775.exe
2952	Unicorn-29299.exe
2944	Unicorn-14354.exe
2896	Unicorn-14354.exe
2028	Unicorn-51194.exe
1788	Unicorn-51194.exe
1072	Unicorn-10908.exe
2140	Unicorn-38942.exe
1508	Unicorn-43026.exe
3056	Unicorn-59917.exe
1476	Unicorn-49056.exe
1708	Unicorn-29190.exe
992	Unicorn-18330.exe
2232	Unicorn-33274.exe
2276	Unicorn-43109.exe
1440	Unicorn-60192.exe
1868	Unicorn-18605.exe
1544	Unicorn-2823.exe
3060	Unicorn-57499.exe
2544	Unicorn-63529.exe
2676	Unicorn-17021.exe
2704	Unicorn-59445.exe
2516	Unicorn-10799.exe
2652	Unicorn-4022.exe
2432	Unicorn-18967.exe
2912	Unicorn-8106.exe
1660	Unicorn-45055.exe
2664	Unicorn-45055.exe
1696	Unicorn-18413.exe
1864	Unicorn-64084.exe
1616	Unicorn-19757.exe
1880	Unicorn-34701.exe
1412	Unicorn-7312.exe
1572	Unicorn-7312.exe
1348	Unicorn-36647.exe
1532	Unicorn-60597.exe
2936	Unicorn-15480.exe
1360	Unicorn-65257.exe
2764	Unicorn-29055.exe
1672	Unicorn-26363.exe
3044	Unicorn-12527.exe
356	Unicorn-36477.exe
1556	Unicorn-33462.exe
548	Unicorn-2735.exe
1872	Unicorn-56575.exe
1068	Unicorn-56575.exe
2976	Unicorn-10903.exe
2856	Unicorn-30255.exe
2216	Unicorn-16934.exe
880	Unicorn-62605.exe
1640	Unicorn-51744.exe
2508	Unicorn-1152.exe

Loads dropped DLL 64 IoCs

pid	Process
2252	3bf5b14500edbbaba06ecc3a49a7ef9ed564af7b40d1eecfc85f61d82c28871a.exe
2252	3bf5b14500edbbaba06ecc3a49a7ef9ed564af7b40d1eecfc85f61d82c28871a.exe
2252	3bf5b14500edbbaba06ecc3a49a7ef9ed564af7b40d1eecfc85f61d82c28871a.exe
2252	3bf5b14500edbbaba06ecc3a49a7ef9ed564af7b40d1eecfc85f61d82c28871a.exe
2128	Unicorn-62491.exe
2128	Unicorn-62491.exe
2668	Unicorn-27249.exe
2668	Unicorn-27249.exe
2128	Unicorn-62491.exe
2128	Unicorn-62491.exe
2556	Unicorn-47115.exe
2556	Unicorn-47115.exe
1964	WerFault.exe
1964	WerFault.exe
1964	WerFault.exe
1964	WerFault.exe
1964	WerFault.exe
2556	Unicorn-47115.exe
2472	Unicorn-55366.exe
2472	Unicorn-55366.exe
2556	Unicorn-47115.exe
1724	Unicorn-20556.exe
2668	Unicorn-27249.exe
1724	Unicorn-20556.exe
2668	Unicorn-27249.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
688	WerFault.exe
688	WerFault.exe
688	WerFault.exe
688	WerFault.exe
688	WerFault.exe
2204	WerFault.exe
2488	Unicorn-37721.exe
2488	Unicorn-37721.exe
2472	Unicorn-55366.exe
2472	Unicorn-55366.exe
2636	Unicorn-22777.exe
2636	Unicorn-22777.exe
1724	Unicorn-20556.exe
1724	Unicorn-20556.exe
2336	Unicorn-26861.exe
804	Unicorn-41805.exe
2336	Unicorn-26861.exe
804	Unicorn-41805.exe
2816	WerFault.exe
2816	WerFault.exe
2816	WerFault.exe
2816	WerFault.exe
2816	WerFault.exe
2084	WerFault.exe
2084	WerFault.exe
2084	WerFault.exe
2084	WerFault.exe
2084	WerFault.exe
448	Unicorn-26607.exe
996	Unicorn-14909.exe
996	Unicorn-14909.exe
448	Unicorn-26607.exe
2488	Unicorn-37721.exe
2488	Unicorn-37721.exe
2952	Unicorn-29299.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2724	2252	WerFault.exe	27
1964	2128	WerFault.exe	28
2204	2668	WerFault.exe	29
688	2556	WerFault.exe	30
2816	2472	WerFault.exe	34
2084	1724	WerFault.exe	32
2244	2488	WerFault.exe	37
2168	2636	WerFault.exe	36
1644	804	WerFault.exe	39
1684	2336	WerFault.exe	38
2296	448	WerFault.exe	42
332	996	WerFault.exe	43
2116	2952	WerFault.exe	45
268	2896	WerFault.exe	46
1312	1456	WerFault.exe	44
544	2944	WerFault.exe	47
2408	1360	WerFault.exe	93
2512	2028	WerFault.exe	51
2156	1788	WerFault.exe	50
2908	1072	WerFault.exe	52
2564	2140	WerFault.exe	53
1780	1508	WerFault.exe	54
108	1880	WerFault.exe	84
1688	1476	WerFault.exe	57
808	3056	WerFault.exe	55
1460	992	WerFault.exe	58
1492	1708	WerFault.exe	56
1700	2232	WerFault.exe	59
2700	2276	WerFault.exe	64
2600	1868	WerFault.exe	66
2460	1544	WerFault.exe	67
344	1440	WerFault.exe	65
2240	2676	WerFault.exe	70
2300	2704	WerFault.exe	71
1580	2544	WerFault.exe	69
240	2432	WerFault.exe	74
1584	2652	WerFault.exe	73
2540	1696	WerFault.exe	78
3452	1864	WerFault.exe	79
3468	2516	WerFault.exe	72
3528	1660	WerFault.exe	77
3700	2664	WerFault.exe	76
3132	2912	WerFault.exe	75
3548	2764	WerFault.exe	94
3564	356	WerFault.exe	97
3596	1616	WerFault.exe	82
3656	1412	WerFault.exe	88
3672	1640	WerFault.exe	106
3696	1872	WerFault.exe	101
3720	1068	WerFault.exe	100
3824	3060	WerFault.exe	68
3128	2588	WerFault.exe	113
3156	2576	WerFault.exe	114
3260	1572	WerFault.exe	89
4068	2936	WerFault.exe	92
3460	2580	WerFault.exe	122
3520	1936	WerFault.exe	126
3632	2596	WerFault.exe	123
3692	1516	WerFault.exe	130
3800	2236	WerFault.exe	124
3860	1940	WerFault.exe	132
4028	1288	WerFault.exe	127
4064	1216	WerFault.exe	131
3516	2264	WerFault.exe	129

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2252	3bf5b14500edbbaba06ecc3a49a7ef9ed564af7b40d1eecfc85f61d82c28871a.exe
2128	Unicorn-62491.exe
2556	Unicorn-47115.exe
2668	Unicorn-27249.exe
2472	Unicorn-55366.exe
1724	Unicorn-20556.exe
2488	Unicorn-37721.exe
2636	Unicorn-22777.exe
2336	Unicorn-26861.exe
804	Unicorn-41805.exe
448	Unicorn-26607.exe
996	Unicorn-14909.exe
2952	Unicorn-29299.exe
2944	Unicorn-14354.exe
2896	Unicorn-14354.exe
1456	Unicorn-34775.exe
2028	Unicorn-51194.exe
1788	Unicorn-51194.exe
1072	Unicorn-10908.exe
2140	Unicorn-38942.exe
1508	Unicorn-43026.exe
1476	Unicorn-49056.exe
992	Unicorn-18330.exe
3056	Unicorn-59917.exe
1708	Unicorn-29190.exe
2232	Unicorn-33274.exe
2276	Unicorn-43109.exe
1440	Unicorn-60192.exe
1868	Unicorn-18605.exe
1544	Unicorn-2823.exe
3060	Unicorn-57499.exe
2544	Unicorn-63529.exe
2676	Unicorn-17021.exe
2704	Unicorn-59445.exe
2516	Unicorn-10799.exe
2432	Unicorn-18967.exe
2652	Unicorn-4022.exe
2912	Unicorn-8106.exe
1660	Unicorn-45055.exe
2664	Unicorn-45055.exe
1696	Unicorn-18413.exe
1864	Unicorn-64084.exe
1616	Unicorn-19757.exe
1880	Unicorn-34701.exe
1572	Unicorn-7312.exe
1412	Unicorn-7312.exe
1348	Unicorn-36647.exe
1532	Unicorn-60597.exe
2936	Unicorn-15480.exe
1360	Unicorn-65257.exe
2764	Unicorn-29055.exe
1672	Unicorn-26363.exe
3044	Unicorn-12527.exe
356	Unicorn-36477.exe
1556	Unicorn-33462.exe
548	Unicorn-2735.exe
1068	Unicorn-56575.exe
2856	Unicorn-30255.exe
1640	Unicorn-51744.exe
2508	Unicorn-1152.exe
1872	Unicorn-56575.exe
2976	Unicorn-10903.exe
880	Unicorn-62605.exe
2588	Unicorn-21786.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 2128	2252	3bf5b14500edbbaba06ecc3a49a7ef9ed564af7b40d1eecfc85f61d82c28871a.exe	28
PID 2252 wrote to memory of 2128	2252	3bf5b14500edbbaba06ecc3a49a7ef9ed564af7b40d1eecfc85f61d82c28871a.exe	28
PID 2252 wrote to memory of 2128	2252	3bf5b14500edbbaba06ecc3a49a7ef9ed564af7b40d1eecfc85f61d82c28871a.exe	28
PID 2252 wrote to memory of 2128	2252	3bf5b14500edbbaba06ecc3a49a7ef9ed564af7b40d1eecfc85f61d82c28871a.exe	28
PID 2252 wrote to memory of 2668	2252	3bf5b14500edbbaba06ecc3a49a7ef9ed564af7b40d1eecfc85f61d82c28871a.exe	29
PID 2252 wrote to memory of 2668	2252	3bf5b14500edbbaba06ecc3a49a7ef9ed564af7b40d1eecfc85f61d82c28871a.exe	29
PID 2252 wrote to memory of 2668	2252	3bf5b14500edbbaba06ecc3a49a7ef9ed564af7b40d1eecfc85f61d82c28871a.exe	29
PID 2252 wrote to memory of 2668	2252	3bf5b14500edbbaba06ecc3a49a7ef9ed564af7b40d1eecfc85f61d82c28871a.exe	29
PID 2128 wrote to memory of 2556	2128	Unicorn-62491.exe	30
PID 2128 wrote to memory of 2556	2128	Unicorn-62491.exe	30
PID 2128 wrote to memory of 2556	2128	Unicorn-62491.exe	30
PID 2128 wrote to memory of 2556	2128	Unicorn-62491.exe	30
PID 2252 wrote to memory of 2724	2252	3bf5b14500edbbaba06ecc3a49a7ef9ed564af7b40d1eecfc85f61d82c28871a.exe	31
PID 2252 wrote to memory of 2724	2252	3bf5b14500edbbaba06ecc3a49a7ef9ed564af7b40d1eecfc85f61d82c28871a.exe	31
PID 2252 wrote to memory of 2724	2252	3bf5b14500edbbaba06ecc3a49a7ef9ed564af7b40d1eecfc85f61d82c28871a.exe	31
PID 2252 wrote to memory of 2724	2252	3bf5b14500edbbaba06ecc3a49a7ef9ed564af7b40d1eecfc85f61d82c28871a.exe	31
PID 2668 wrote to memory of 1724	2668	Unicorn-27249.exe	32
PID 2668 wrote to memory of 1724	2668	Unicorn-27249.exe	32
PID 2668 wrote to memory of 1724	2668	Unicorn-27249.exe	32
PID 2668 wrote to memory of 1724	2668	Unicorn-27249.exe	32
PID 2128 wrote to memory of 2404	2128	Unicorn-62491.exe	33
PID 2128 wrote to memory of 2404	2128	Unicorn-62491.exe	33
PID 2128 wrote to memory of 2404	2128	Unicorn-62491.exe	33
PID 2128 wrote to memory of 2404	2128	Unicorn-62491.exe	33
PID 2556 wrote to memory of 2472	2556	Unicorn-47115.exe	34
PID 2556 wrote to memory of 2472	2556	Unicorn-47115.exe	34
PID 2556 wrote to memory of 2472	2556	Unicorn-47115.exe	34
PID 2556 wrote to memory of 2472	2556	Unicorn-47115.exe	34
PID 2128 wrote to memory of 1964	2128	Unicorn-62491.exe	35
PID 2128 wrote to memory of 1964	2128	Unicorn-62491.exe	35
PID 2128 wrote to memory of 1964	2128	Unicorn-62491.exe	35
PID 2128 wrote to memory of 1964	2128	Unicorn-62491.exe	35
PID 2472 wrote to memory of 2636	2472	Unicorn-55366.exe	36
PID 2472 wrote to memory of 2636	2472	Unicorn-55366.exe	36
PID 2472 wrote to memory of 2636	2472	Unicorn-55366.exe	36
PID 2472 wrote to memory of 2636	2472	Unicorn-55366.exe	36
PID 2556 wrote to memory of 2488	2556	Unicorn-47115.exe	37
PID 2556 wrote to memory of 2488	2556	Unicorn-47115.exe	37
PID 2556 wrote to memory of 2488	2556	Unicorn-47115.exe	37
PID 2556 wrote to memory of 2488	2556	Unicorn-47115.exe	37
PID 1724 wrote to memory of 2336	1724	Unicorn-20556.exe	38
PID 1724 wrote to memory of 2336	1724	Unicorn-20556.exe	38
PID 1724 wrote to memory of 2336	1724	Unicorn-20556.exe	38
PID 1724 wrote to memory of 2336	1724	Unicorn-20556.exe	38
PID 2668 wrote to memory of 804	2668	Unicorn-27249.exe	39
PID 2668 wrote to memory of 804	2668	Unicorn-27249.exe	39
PID 2668 wrote to memory of 804	2668	Unicorn-27249.exe	39
PID 2668 wrote to memory of 804	2668	Unicorn-27249.exe	39
PID 2668 wrote to memory of 2204	2668	Unicorn-27249.exe	40
PID 2668 wrote to memory of 2204	2668	Unicorn-27249.exe	40
PID 2668 wrote to memory of 2204	2668	Unicorn-27249.exe	40
PID 2668 wrote to memory of 2204	2668	Unicorn-27249.exe	40
PID 2556 wrote to memory of 688	2556	Unicorn-47115.exe	41
PID 2556 wrote to memory of 688	2556	Unicorn-47115.exe	41
PID 2556 wrote to memory of 688	2556	Unicorn-47115.exe	41
PID 2556 wrote to memory of 688	2556	Unicorn-47115.exe	41
PID 2488 wrote to memory of 448	2488	Unicorn-37721.exe	42
PID 2488 wrote to memory of 448	2488	Unicorn-37721.exe	42
PID 2488 wrote to memory of 448	2488	Unicorn-37721.exe	42
PID 2488 wrote to memory of 448	2488	Unicorn-37721.exe	42
PID 2472 wrote to memory of 996	2472	Unicorn-55366.exe	43
PID 2472 wrote to memory of 996	2472	Unicorn-55366.exe	43
PID 2472 wrote to memory of 996	2472	Unicorn-55366.exe	43
PID 2472 wrote to memory of 996	2472	Unicorn-55366.exe	43

C:\Users\Admin\AppData\Local\Temp\3bf5b14500edbbaba06ecc3a49a7ef9ed564af7b40d1eecfc85f61d82c28871a.exe
"C:\Users\Admin\AppData\Local\Temp\3bf5b14500edbbaba06ecc3a49a7ef9ed564af7b40d1eecfc85f61d82c28871a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62491.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62491.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47115.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47115.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55366.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22777.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34775.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18330.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45055.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30255.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49160.exe
        10⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-618.exe
        11⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53083.exe
        12⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63192.exe
        13⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35834.exe
        14⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4041.exe
        15⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29854.exe
        16⤵
        
        PID:12200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10544 -s 216
        16⤵
        
        PID:12596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8444 -s 220
        15⤵
        
        PID:10780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
        14⤵
        
        PID:9376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
        13⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
        12⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 236
        11⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52512.exe
        10⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63088.exe
        11⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37593.exe
        12⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10198.exe
        13⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19065.exe
        14⤵
        
        PID:10608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 236
        14⤵
        
        PID:11796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 216
        13⤵
        
        PID:9764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
        12⤵
        
        PID:8008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
        11⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
        10⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4790.exe
        9⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24822.exe
        10⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52912.exe
        11⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22264.exe
        12⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        13⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19828.exe
        14⤵
        
        PID:11984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9672 -s 216
        14⤵
        
        PID:11896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 236
        13⤵
        
        PID:10660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 236
        12⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
        11⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 216
        10⤵
        
        PID:4592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
        9⤵
        Program crash
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62605.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51298.exe
        9⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41651.exe
        10⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24495.exe
        11⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32658.exe
        12⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
        13⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41732.exe
        14⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1286.exe
        15⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 236
        14⤵
        
        PID:11672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 220
        13⤵
        
        PID:9624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
        12⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
        11⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 236
        10⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56596.exe
        9⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36446.exe
        10⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13197.exe
        11⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51340.exe
        12⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2645.exe
        13⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37851.exe
        14⤵
        
        PID:12312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8820 -s 216
        13⤵
        
        PID:11692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 216
        12⤵
        
        PID:9644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
        11⤵
        
        PID:8136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
        10⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 240
        9⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 240
        8⤵
        Program crash
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10903.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61604.exe
        9⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60125.exe
        10⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
        11⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59108.exe
        12⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34573.exe
        13⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63418.exe
        14⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9817.exe
        15⤵
        
        PID:1888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10680 -s 220
        15⤵
        
        PID:12660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 216
        14⤵
        
        PID:11348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
        13⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
        12⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 236
        11⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 236
        10⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48428.exe
        9⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40831.exe
        10⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6160.exe
        11⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36841.exe
        12⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35401.exe
        13⤵
        
        PID:10460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9028 -s 216
        13⤵
        
        PID:11772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 216
        12⤵
        
        PID:9756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
        11⤵
        
        PID:7412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
        10⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
        9⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51853.exe
        8⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29098.exe
        9⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
        10⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45206.exe
        11⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32897.exe
        12⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48800.exe
        13⤵
        
        PID:12044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9872 -s 216
        13⤵
        
        PID:12024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 216
        12⤵
        
        PID:10828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 236
        11⤵
        
        PID:8720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
        10⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 216
        9⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 240
        8⤵
        Program crash
        
        PID:3452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 240
        7⤵
        Program crash
        
        PID:1312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33274.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18413.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16934.exe
        8⤵
        Executes dropped EXE
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26794.exe
        9⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29783.exe
        10⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59689.exe
        11⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59684.exe
        12⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56446.exe
        13⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30191.exe
        14⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29854.exe
        15⤵
        
        PID:12232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10612 -s 216
        15⤵
        
        PID:12604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8404 -s 216
        14⤵
        
        PID:11288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 216
        13⤵
        
        PID:9352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 216
        12⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
        11⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 236
        10⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50950.exe
        9⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59689.exe
        10⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29342.exe
        11⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49565.exe
        12⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14757.exe
        13⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59537.exe
        14⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10016 -s 216
        14⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 216
        13⤵
        
        PID:11204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 216
        12⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
        11⤵
        
        PID:7928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
        10⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
        9⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45823.exe
        8⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8786.exe
        9⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26441.exe
        10⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1931.exe
        11⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42357.exe
        12⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6973.exe
        13⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15380.exe
        14⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9664 -s 216
        14⤵
        
        PID:12212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 216
        13⤵
        
        PID:10468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 216
        12⤵
        
        PID:8832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 216
        11⤵
        
        PID:7384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
        10⤵
        
        PID:6100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 236
        9⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 220
        8⤵
        Program crash
        
        PID:2540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 236
        7⤵
        Program crash
        
        PID:1700
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
        6⤵
        Program crash
        
        PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14909.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51194.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7312.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53088.exe
        9⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40883.exe
        10⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3306.exe
        11⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32767.exe
        12⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52279.exe
        13⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9495.exe
        14⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19828.exe
        15⤵
        
        PID:11960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9952 -s 216
        15⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 216
        14⤵
        
        PID:10700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 216
        13⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 236
        12⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 216
        11⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 236
        10⤵
        Program crash
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12657.exe
        9⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54946.exe
        10⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8454.exe
        11⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15715.exe
        12⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17088.exe
        13⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31333.exe
        14⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9400 -s 216
        14⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 216
        13⤵
        
        PID:10480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
        12⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
        11⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 236
        10⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 240
        9⤵
        Program crash
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6580.exe
        8⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49051.exe
        9⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1168.exe
        10⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29259.exe
        11⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19223.exe
        12⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5027.exe
        13⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17327.exe
        14⤵
        
        PID:12208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10112 -s 220
        14⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 216
        13⤵
        
        PID:10432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
        12⤵
        
        PID:8580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
        11⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 216
        10⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 236
        9⤵
        Program crash
        
        PID:3632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
        8⤵
        Program crash
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36647.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16140.exe
        8⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16763.exe
        9⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7966.exe
        10⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17007.exe
        11⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19991.exe
        12⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42744.exe
        13⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50575.exe
        14⤵
        
        PID:11716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9256 -s 216
        14⤵
        
        PID:12388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 216
        13⤵
        
        PID:11092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 216
        12⤵
        
        PID:8828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
        11⤵
        
        PID:6240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
        10⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
        9⤵
        Program crash
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17317.exe
        8⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24687.exe
        9⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60862.exe
        10⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65107.exe
        11⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1711.exe
        12⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
        13⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10284 -s 216
        13⤵
        
        PID:12404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8232 -s 216
        12⤵
        
        PID:11132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 216
        11⤵
        
        PID:9220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
        10⤵
        
        PID:7208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
        9⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 240
        8⤵
        
        PID:3388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
        7⤵
        Program crash
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2823.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60597.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30530.exe
        8⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36607.exe
        9⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54453.exe
        10⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
        11⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59077.exe
        12⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 220
        13⤵
        
        PID:10092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 216
        11⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
        10⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 236
        9⤵
        Program crash
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20825.exe
        8⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56975.exe
        9⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32274.exe
        10⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62969.exe
        11⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42552.exe
        12⤵
        
        PID:10356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3896.exe
        13⤵
        
        PID:6188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10356 -s 220
        13⤵
        
        PID:12500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8252 -s 216
        12⤵
        
        PID:2060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 220
        11⤵
        
        PID:9272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 236
        10⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
        9⤵
        
        PID:5952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 240
        8⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16886.exe
        7⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57027.exe
        8⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42397.exe
        8⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17334.exe
        9⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62720.exe
        10⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52274.exe
        11⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9438.exe
        12⤵
        
        PID:11900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9468 -s 216
        12⤵
        
        PID:11920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 216
        11⤵
        
        PID:8480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 236
        10⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
        9⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
        8⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
        7⤵
        Program crash
        
        PID:2460
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 220
        6⤵
        Program crash
        
        PID:332
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37721.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26607.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51194.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43109.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21786.exe
        9⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46529.exe
        10⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50670.exe
        11⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16239.exe
        12⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14754.exe
        13⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14757.exe
        14⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47010.exe
        15⤵
        
        PID:12220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9988 -s 216
        15⤵
        
        PID:12136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7452 -s 216
        14⤵
        
        PID:11212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
        13⤵
        
        PID:8428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 236
        12⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
        11⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
        10⤵
        Program crash
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
        9⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32388.exe
        10⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7494.exe
        11⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16893.exe
        12⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-559.exe
        13⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51561.exe
        14⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9920 -s 216
        14⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 216
        13⤵
        
        PID:11168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
        12⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 236
        11⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
        9⤵
        Program crash
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36730.exe
        8⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50613.exe
        9⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42886.exe
        10⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31999.exe
        11⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10670.exe
        12⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12619.exe
        13⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
        14⤵
        
        PID:11976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10060 -s 216
        14⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 216
        13⤵
        
        PID:10256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 216
        12⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
        11⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 236
        10⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
        9⤵
        Program crash
        
        PID:3156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 240
        8⤵
        Program crash
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34701.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 240
        8⤵
        Program crash
        
        PID:108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
        7⤵
        Program crash
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60192.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7312.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40836.exe
        8⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57027.exe
        9⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
        10⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12346.exe
        11⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exe
        12⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49952.exe
        13⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30757.exe
        14⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 216
        14⤵
        
        PID:7988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 216
        13⤵
        
        PID:10440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
        12⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
        11⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 236
        10⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
        9⤵
        Program crash
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14603.exe
        8⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36472.exe
        9⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7494.exe
        10⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4256.exe
        11⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49184.exe
        12⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24836.exe
        13⤵
        
        PID:12128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9548 -s 216
        13⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 216
        12⤵
        
        PID:11080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
        10⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
        9⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 240
        8⤵
        Program crash
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61811.exe
        7⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39513.exe
        8⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51137.exe
        9⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12429.exe
        10⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45948.exe
        11⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21831.exe
        12⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60580.exe
        13⤵
        
        PID:12156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10716 -s 220
        13⤵
        
        PID:12568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8484 -s 216
        12⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 220
        11⤵
        
        PID:9424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
        10⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
        9⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 216
        8⤵
        
        PID:4208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 220
        7⤵
        Program crash
        
        PID:344
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 240
        6⤵
        Program crash
        
        PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10908.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57499.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65257.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 200
        8⤵
        Program crash
        
        PID:2408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 236
        7⤵
        Program crash
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29055.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20764.exe
        7⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe
        8⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
        9⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39887.exe
        10⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52985.exe
        11⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13382.exe
        12⤵
        
        PID:10556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9184 -s 236
        12⤵
        
        PID:11872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 216
        11⤵
        
        PID:9960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
        10⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
        9⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 236
        8⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
        7⤵
        Program crash
        
        PID:3548
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 240
        6⤵
        Program crash
        
        PID:2908
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
        5⤵
        Program crash
        
        PID:2244
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe
    3⤵
    - Executes dropped EXE
    PID:2404
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1964
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27249.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27249.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20556.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20556.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26861.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14354.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49056.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4022.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18832.exe
        8⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50997.exe
        9⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13420.exe
        10⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47157.exe
        11⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46825.exe
        12⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21556.exe
        13⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13242.exe
        14⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9932 -s 216
        14⤵
        
        PID:12372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 220
        13⤵
        
        PID:10652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
        12⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
        11⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 216
        10⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 236
        9⤵
        Program crash
        
        PID:4064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 216
        8⤵
        Program crash
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56575.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10265.exe
        8⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29866.exe
        9⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65055.exe
        10⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12424.exe
        11⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32848.exe
        12⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30373.exe
        13⤵
        
        PID:11912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9684 -s 216
        13⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
        12⤵
        
        PID:11108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 216
        11⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
        10⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 216
        9⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 236
        8⤵
        Program crash
        
        PID:3720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 240
        7⤵
        Program crash
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18967.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33462.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49160.exe
        8⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40089.exe
        9⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39269.exe
        10⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46062.exe
        11⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15221.exe
        12⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19309.exe
        13⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7980.exe
        14⤵
        
        PID:12056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10584 -s 216
        14⤵
        
        PID:12508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8512 -s 216
        13⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 216
        12⤵
        
        PID:9432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 216
        11⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
        10⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 236
        9⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32475.exe
        8⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6404.exe
        9⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63192.exe
        10⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40411.exe
        11⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8317.exe
        12⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51836.exe
        13⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10444 -s 220
        13⤵
        
        PID:12544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8288 -s 220
        12⤵
        
        PID:10844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 220
        11⤵
        
        PID:9288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
        10⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
        9⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
        8⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-706.exe
        7⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19093.exe
        8⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5719.exe
        9⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59601.exe
        10⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53950.exe
        11⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57977.exe
        12⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49532.exe
        13⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9260 -s 216
        13⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8000 -s 236
        12⤵
        
        PID:11052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 236
        11⤵
        
        PID:9156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 236
        10⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 236
        9⤵
        
        PID:5532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 236
        8⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
        7⤵
        Program crash
        
        PID:240
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
        6⤵
        Program crash
        
        PID:544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29190.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45055.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2735.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33016.exe
        8⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6648.exe
        9⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2512.exe
        10⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14567.exe
        11⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17552.exe
        12⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58888.exe
        13⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
        14⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10316 -s 216
        14⤵
        
        PID:12468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 216
        13⤵
        
        PID:11244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 216
        12⤵
        
        PID:9344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 216
        11⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
        10⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 236
        9⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5833.exe
        8⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31101.exe
        9⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18953.exe
        10⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16099.exe
        11⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5411.exe
        12⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19273.exe
        13⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9704 -s 216
        13⤵
        
        PID:12336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 216
        12⤵
        
        PID:10688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
        11⤵
        
        PID:9100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 236
        10⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
        9⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 240
        8⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19180.exe
        7⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43872.exe
        8⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26270.exe
        9⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42492.exe
        10⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22015.exe
        11⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34602.exe
        12⤵
        
        PID:12016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9776 -s 216
        12⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 216
        11⤵
        
        PID:10796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 236
        10⤵
        
        PID:8676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 236
        9⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 236
        8⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
        7⤵
        Program crash
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56575.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6181.exe
        7⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13337.exe
        8⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34329.exe
        9⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
        10⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44223.exe
        11⤵
        
        PID:9464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63237.exe
        12⤵
        
        PID:11744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9464 -s 216
        12⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 216
        11⤵
        
        PID:11068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
        10⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
        9⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
        8⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 216
        7⤵
        Program crash
        
        PID:3696
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
        6⤵
        Program crash
        
        PID:1492
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
        5⤵
        Program crash
        
        PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38942.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63529.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26363.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
        8⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2564.exe
        9⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63628.exe
        10⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29965.exe
        11⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6311.exe
        12⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29005.exe
        13⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22506.exe
        14⤵
        
        PID:12248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10080 -s 216
        14⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 216
        13⤵
        
        PID:10984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 236
        12⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
        11⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 236
        10⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 216
        9⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        8⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6596.exe
        9⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46856.exe
        10⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37972.exe
        11⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20378.exe
        12⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43668.exe
        13⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10516 -s 216
        13⤵
        
        PID:12524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8320 -s 220
        12⤵
        
        PID:10564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 220
        11⤵
        
        PID:9312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 236
        10⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
        9⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
        8⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21318.exe
        7⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33483.exe
        8⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13804.exe
        9⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24599.exe
        10⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25637.exe
        11⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50528.exe
        12⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9158.exe
        13⤵
        
        PID:12244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9884 -s 216
        13⤵
        
        PID:12300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 216
        12⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
        11⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 236
        10⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
        9⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 236
        8⤵
        
        PID:3296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
        7⤵
        Program crash
        
        PID:1580
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 236
        6⤵
        Program crash
        
        PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17021.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15480.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65340.exe
        7⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18133.exe
        8⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3306.exe
        9⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2232.exe
        10⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33997.exe
        11⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
        12⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10912.exe
        13⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10208 -s 216
        13⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 216
        12⤵
        
        PID:10596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
        11⤵
        
        PID:8968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
        10⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
        9⤵
        
        PID:5524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 236
        8⤵
        Program crash
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9149.exe
        7⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3306.exe
        8⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10400.exe
        9⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1324.exe
        10⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31478.exe
        11⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47669.exe
        12⤵
        
        PID:12100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9968 -s 216
        12⤵
        
        PID:2224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 216
        11⤵
        
        PID:10540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
        10⤵
        
        PID:8880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 236
        9⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
        8⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 240
        7⤵
        Program crash
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22916.exe
        6⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44775.exe
        7⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29757.exe
        8⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45709.exe
        8⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46301.exe
        9⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4661.exe
        10⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34140.exe
        11⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7482.exe
        12⤵
        
        PID:12824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8936 -s 216
        11⤵
        
        PID:11748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 216
        10⤵
        
        PID:9716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 236
        9⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 240
        8⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 236
        7⤵
        Program crash
        
        PID:3860
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
        6⤵
        Program crash
        
        PID:2240
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
        5⤵
        Program crash
        
        PID:2116
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41805.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41805.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14354.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43026.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59445.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59865.exe
        7⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53519.exe
        8⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3607.exe
        9⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        10⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2694.exe
        11⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14757.exe
        12⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55645.exe
        13⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10004 -s 216
        13⤵
        
        PID:8144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 216
        12⤵
        
        PID:11220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
        11⤵
        
        PID:8328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
        10⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
        9⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 236
        8⤵
        Program crash
        
        PID:4028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 216
        7⤵
        Program crash
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12527.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46674.exe
        7⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51957.exe
        8⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19233.exe
        9⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63192.exe
        10⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38657.exe
        11⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31862.exe
        12⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25879.exe
        13⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9856 -s 216
        13⤵
        
        PID:12424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 216
        12⤵
        
        PID:10876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
        11⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
        10⤵
        
        PID:7536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
        9⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 236
        8⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3311.exe
        7⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49383.exe
        8⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57629.exe
        9⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41994.exe
        10⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17659.exe
        11⤵
        
        PID:10244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9092 -s 216
        11⤵
        
        PID:11824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 216
        10⤵
        
        PID:9800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
        9⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
        8⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
        7⤵
        
        PID:4776
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 240
        6⤵
        Program crash
        
        PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36477.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8319.exe
        7⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63716.exe
        8⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34438.exe
        9⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14287.exe
        10⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18315.exe
        11⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
        12⤵
        
        PID:12168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9972 -s 216
        12⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 216
        11⤵
        
        PID:10884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
        10⤵
        
        PID:8852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
        9⤵
        
        PID:6852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 236
        8⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 236
        7⤵
        Program crash
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58075.exe
        6⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22876.exe
        7⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46114.exe
        8⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16426.exe
        9⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51179.exe
        10⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7767.exe
        11⤵
        
        PID:12084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9908 -s 236
        11⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 216
        10⤵
        
        PID:10848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 216
        9⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 236
        8⤵
        
        PID:6792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 216
        7⤵
        
        PID:4332
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
        6⤵
        Program crash
        
        PID:3468
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 240
        5⤵
        Program crash
        
        PID:268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59917.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8106.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51744.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
        7⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47956.exe
        8⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38522.exe
        9⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14287.exe
        10⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46903.exe
        11⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20752.exe
        12⤵
        
        PID:12116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10020 -s 216
        12⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 216
        11⤵
        
        PID:10908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 216
        10⤵
        
        PID:8844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
        9⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
        8⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 236
        7⤵
        Program crash
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        6⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23260.exe
        7⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31807.exe
        8⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58226.exe
        9⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64391.exe
        10⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55946.exe
        11⤵
        
        PID:12280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10140 -s 216
        11⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
        10⤵
        
        PID:11008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 236
        9⤵
        
        PID:8980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 236
        8⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 236
        7⤵
        
        PID:5116
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
        6⤵
        Program crash
        
        PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1152.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16488.exe
        6⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22985.exe
        7⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38693.exe
        8⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
        9⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65107.exe
        10⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26024.exe
        11⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25879.exe
        12⤵
        
        PID:5556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10384 -s 216
        12⤵
        
        PID:12396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8220 -s 216
        11⤵
        
        PID:936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 216
        10⤵
        
        PID:9228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 236
        9⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
        8⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
        7⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64572.exe
        6⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55797.exe
        7⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63192.exe
        8⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19140.exe
        9⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4884.exe
        10⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
        11⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10192 -s 216
        11⤵
        
        PID:5148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 216
        10⤵
        
        PID:11036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
        9⤵
        
        PID:9148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 236
        8⤵
        
        PID:7376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
        7⤵
        
        PID:5896
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
        6⤵
        
        PID:4540
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
        5⤵
        Program crash
        
        PID:808
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 240
      4⤵
      Program crash
      PID:1644
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2204
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
  2⤵
  - Program crash
  PID:2724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-20556.exe

Filesize
184KB

MD5
7e71f78699d0887d2a4b1805a4f640c8

SHA1
5f143f73aec93bf850d0d04baed94fa634629a92

SHA256
298c357870e1613c15b8047e66509e4a869277641556dac01777004673bea5cd

SHA512
d2c7b384c826e440fcf3f3374dafef8d0bc5aee7c008a4b8612982d7488bba6835eada5442b720458eb36cc51b6d66d1760a0dc3f7321bb7c75cf0b84a5e679c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27249.exe

Filesize
184KB

MD5
7e435e70c40f9421482a1a79f3afeb73

SHA1
288e54108e4eafb3c377037cb7ebb1561a87f474

SHA256
1051f859820a1d57174c92b6ff7796e6ecfd0f45721cd43dd3eddaa8c587ea8a

SHA512
aa5f075f625f145aa839bdb4fe60bd5206c4389245ec6db9c1e388b104667d400cd42daad32d8eded1aeeff81a3d0c04c861b59f4729ab70188290888daab1bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34775.exe

Filesize
184KB

MD5
159c6820df765b0ffbfe849242397e3f

SHA1
cfca394d7d63d82de274e1cbf9229545d174f0a3

SHA256
30d9e97ad77629e62e760632ffe5183baf944db27e5a9129915887184ca8a1bd

SHA512
53f0d904dced40eeb924ceffc1efeb2ab92f3a7b0264707d46702dc8848eb71fe3a9ccb541f48da72d657278bfc1685951f3f0553388d6a5dc49a5b9b5835631

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe

Filesize
184KB

MD5
e10ee19f128b9a3eb265447d4e502546

SHA1
e1f04984f78354ef745b8f5423ffc5fdf665e129

SHA256
36f9c210f458c2dfd38f60db1f938a309446417fbe0a682f326412c77701aee6

SHA512
6a96cb5e7a40c7492e9dd24f3a9488b963a46bb715f7df3ddfd96c90ef43b6508859396ddf0bb95fbef52baa287506d82d80eb898a3f92866a8bbf8fff711b20

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36446.exe

Filesize
184KB

MD5
22e6289b5472c0ec16306788b8a29aac

SHA1
568a48c165884d81adcc116d72433f6b9e88f762

SHA256
4c1cf69006a103f316bf8cea6ec6a06b89e033ac9804d86ed5e3893a50b06cab

SHA512
81acf3d51d6ae68a2604098973e27c3916d72a90c3293951750148ad0e34ccb76423823cd9d6af2df3ad28c841ea4b5f42c09b652730cd417919b47fae4119b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36472.exe

Filesize
184KB

MD5
cf63667a01bb6545217cf0a8c6d88a6f

SHA1
32d49fe6032c81dd5f1fdfdd7cb046b6190cf732

SHA256
cb13e1909136d344a3ca00d37d6f99b6492076d585c8fa9467ce00de94a7a924

SHA512
732c5541e3768efccc6dcf7c4a41b0640979ab5d546163328df48b2e136f685049463b9c15b5bde3ea5ba7fe14df57ed0d48c5459b1e07aedd0239298be4ff91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41805.exe

Filesize
184KB

MD5
1fde529cb17a0fd4f10ab4c2a9492540

SHA1
39d37e7a3e573e43f47cf020840162334b2bd9b0

SHA256
fa70fe7f9ed52c1bcecc8136b22a16dfdfec924984e009728c69b866c7ab8351

SHA512
d9bb9d2bfc6cdc8907743eecc058807d2f9cf00e135c5682717ba9ee112eb0670ce5ec8d8b82df36b2d5c9cc52a3c754caef9c60dd0280207c9332e3052acc68

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47115.exe

Filesize
184KB

MD5
d8839f111792873cecf1f4b54a169474

SHA1
073d22b285b927baa026206478369d4c8ada9598

SHA256
d985f3464aeaabf30ee12aea76934faabf73c7ffffd710b4b025a829ac83ef96

SHA512
193e15c883e8969be9496e7bdc8c4bd665901393163bcd9d8fa133ddee413f0a847644a6cdb07b67607bd895ac7f48394b0f0a51ce45e1c77e1aef663170b872

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4884.exe

Filesize
184KB

MD5
1adfad07bd69c448c8f371164d244360

SHA1
5f06e14d7f7427a4379a82a5c65c7003b15fa1d6

SHA256
05d1af39085823e8ae05c0b02be3fff54d3f675abb19bb9b3bc5c4566c1ca4b4

SHA512
238bd27c8a9053e7c3c478987ccb02adac630507e0921e925ef5f48ff53d846373ed7aa2254fc8ae8c45de4c47ebb561241ea9cc14e4bbf48c13696c28d16765

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60862.exe

Filesize
184KB

MD5
a6c17ad3636ac038ad3256f34a6870ab

SHA1
01c7dc25a4fb0fd9dee1e5ed2926eabf1b2313c6

SHA256
7c2085da7896ae582aff6b0822fa46a3b63aa413048ebe25d93049fc5a522fc5

SHA512
f43373e703138d6a590763086ef23d2acf9e522b2430b11974be638cfad68ebbe216fd35a169355a7afee1171ff0fd79b98bc1703f72f63780851118b0641435

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6160.exe

Filesize
184KB

MD5
7129a796b6bd90df6523b3e3ad9d6d27

SHA1
277a6175e906d7e5eb5580ab290f1ece43fd29c3

SHA256
f3850af107c9bdff7dcbd875c6da27052aa86fd24bddfc9602573af0d71b1e5a

SHA512
9946f487859b7aebe6544c09a5f29fb11fecde9356485de0a7836993b33c5c03e67560506784545dc62bc8d46a7722314ea4202efffd9b087ab14b6d0d9c6306

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6648.exe

Filesize
184KB

MD5
2f954669003269906773173eaa7c66b2

SHA1
591b0a2c779ad9539d45b8696bc43a430c5ba7ec

SHA256
ecdc7b34d06344d9e4cf2cc79e64735f89f674338e259640b2de5bf5c9796968

SHA512
61411c53685cbdffeeeb442b2cd3cd61a891fea2292cdec6d46e6d30aa9b1d82ceaba1ab7cda52ffd9e58b0450b1b29e6b85d06330a45af33390e989dd39d525

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14909.exe

Filesize
184KB

MD5
e63707373a1fc18ce28503381bd969a1

SHA1
7a710932fc7e7b57c272a9ea3de615b1dcb60316

SHA256
b225574486e4c179fe2f638f4b0b5560720e7d530f98c96b966c68727f2aca5a

SHA512
a90a4c426b4c3ca5ce28bb6e43bca5fd95b464138ee4773dcb58e0a4ba16b27a59f50e8fe73b30b30b85ad8c767b9a254aa06dce1ae763745fb1c9a02029e2ed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22777.exe

Filesize
184KB

MD5
e71e03b1e4e87074ec472c47a92b1be5

SHA1
6d31ea73f670d5e85494f0d53fff539afa8e87b2

SHA256
9fba421f06101a940b2cc0df591193e096d784a3b6f98a0cde2593a28f84d74d

SHA512
2a1e4b2d6f10b34248a7bc7588769ec7b4ba1090dc7389c221c1f353c125ccf53cf9583390efb7210c5818f24e6dea4a70f740646df78cba1d7b57b5a92f6b74

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26607.exe

Filesize
184KB

MD5
ad09e55d43c39c516ecb255ebadfd67f

SHA1
a8218ef2c361beb7963bf61f439fc00976bd344f

SHA256
84977fd90940d2302adfd5d8daad0ad223410576f3bb637b8484679feac0b1da

SHA512
1aa4b0afd96c4225b1e35bb7bb646217ef965bf8be84b37ac1ba10cb638e6342eddea49a1f4c8bd73c4a4d5482ac3bc7bcca7b80f50b1fcb0c6f983423b35f61

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26861.exe

Filesize
184KB

MD5
410e8ba765c4e5c2409f5b4983f44cda

SHA1
828853f2dbd4bc5d73e89fc37d258993d34487f0

SHA256
1202b350f6573759a336b666ad6ed1b45cea7f5cc69bb9e9d3163d5c0e591867

SHA512
280c8c8388c72b902b0018b303a1aa8b91307c2bde3c586ead98ab58f182c9c0f1bf89429e634abc049cdb84f2076ed1dc44a67feda687b06b2cc636defd3231

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe

Filesize
184KB

MD5
e8a24a35598e560d565df8d3db622e8f

SHA1
011c0e4f3dcc067dcacb7cbe8f8b94f0d5b49ea2

SHA256
4e8371660ca8e04c77750e66680a85146f222e95d3c6d69a03e58d096aa5a45c

SHA512
684d6723f40fe306933a23b7a76ee9cce5b762091e0de7b15f86c29fb02f1dfef31b75d8085787472310971927afb9c76b080af6e98ca3e6606145d5e43a78ee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37721.exe

Filesize
184KB

MD5
a1b4b9f21dee2d4ab90b85652c44e77f

SHA1
3cb9935ca72a1bda529c9e896a977d0710b91e3e

SHA256
c37bbbf3c52940224f51179f7533f2474903dcd63dcc0c87afdf3ea6166a18cc

SHA512
4cb9431a83e11f29f36fed40fcb2757a5a6882ee3e1e76e7d87cf3d85c4e97e0fa4f5442e2b3effe59fde9e937310066041ecad18cc83aa4636c44acb8071f83

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55366.exe

Filesize
184KB

MD5
356f175a72e1680c09274dbbc06c528f

SHA1
868b4275c08721d838fe9c1abf0a90a3d6331b75

SHA256
1c2d85e8cece26b5d2ef78c9cdcd3a0f79b994130569ea2d9f1e5dcab91d4462

SHA512
9c3a2415a2c6f11ff8ab3f89bb09ba13c40797143cca462f07a7e69d54b23ba751075dd325bc302a827cc8b7240e741ab1c8478e9f5733c455abf8b715d206da

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62491.exe

Filesize
184KB

MD5
8adee9c9779dd554088c8d849664b344

SHA1
2b7b916d610c1aba39772ddabb4602f16024270a

SHA256
8dd5e3530c4a1a2d27126a3842e0992a4fc80073bcda082f8b2d5947e4774cea

SHA512
98284cd5339d40bb1d7b6541a02a80344eaad541a73b40840b248f23e286340efa77fd467383250e8a1239881b0279f4ddfe1304a70e0e42cefc2c95ed92fb2b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads