55b78a569b266c000166256d7cacce3ac7b5ce7d8af10501328445610e29fb1f

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 21:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

55b78a569b266c000166256d7cacce3ac7b5ce7d8af10501328445610e29fb1f.exe
Size

184KB
MD5

79fdeefd1bf1cf0e1583c4364bc829bc
SHA1

24ec3a7c88b7ccb7d69f57c83fa3db6d4ee2565c
SHA256

55b78a569b266c000166256d7cacce3ac7b5ce7d8af10501328445610e29fb1f
SHA512

7b9ee4ec982cf9690e1b7931e1824d12a5b22936a309198cfecef09bd053e55a314c20ceca796532edf33c6dac0ec975749969f1c7df026a92464e7566675de2
SSDEEP

3072:h+fScgolNJwzdVjxeJsLpxpjIKYYIPBKH+tKO5qbUsWhlnVOF4:h+WoOpVjBLPpjIMeskhlnVOF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2172	Unicorn-50696.exe
3068	Unicorn-26275.exe
1692	Unicorn-6409.exe
2684	Unicorn-45901.exe
2688	Unicorn-64183.exe
1316	Unicorn-13591.exe
2832	Unicorn-867.exe
2872	Unicorn-50623.exe
3020	Unicorn-62320.exe
2416	Unicorn-31594.exe
1928	Unicorn-11728.exe
1696	Unicorn-33779.exe
2044	Unicorn-48724.exe
1508	Unicorn-48745.exe
2016	Unicorn-36493.exe
2988	Unicorn-36493.exe
1948	Unicorn-34909.exe
2072	Unicorn-4183.exe
352	Unicorn-53981.exe
2352	Unicorn-41729.exe
1160	Unicorn-56674.exe
1812	Unicorn-45813.exe
2008	Unicorn-44422.exe
2436	Unicorn-36061.exe
1060	Unicorn-51843.exe
1400	Unicorn-43675.exe
2240	Unicorn-11557.exe
2444	Unicorn-31423.exe
2140	Unicorn-696.exe
1196	Unicorn-46368.exe
2472	Unicorn-21392.exe
2716	Unicorn-54619.exe
2672	Unicorn-13031.exe
2800	Unicorn-50535.exe
2572	Unicorn-23338.exe
2536	Unicorn-41620.exe
3040	Unicorn-5418.exe
2276	Unicorn-60094.exe
2880	Unicorn-64178.exe
2912	Unicorn-56010.exe
2512	Unicorn-23700.exe
1972	Unicorn-587.exe
1576	Unicorn-35398.exe
1700	Unicorn-4671.exe
1968	Unicorn-50343.exe
2332	Unicorn-57956.exe
1540	Unicorn-38090.exe
2260	Unicorn-42174.exe
1516	Unicorn-27230.exe
2268	Unicorn-45979.exe
1668	Unicorn-60924.exe
900	Unicorn-56093.exe
1236	Unicorn-23975.exe
2236	Unicorn-39757.exe
1720	Unicorn-41703.exe
1332	Unicorn-40887.exe
1600	Unicorn-44417.exe
2100	Unicorn-28635.exe
2340	Unicorn-62699.exe
2748	Unicorn-62699.exe
2808	Unicorn-65392.exe
2552	Unicorn-34665.exe
2696	Unicorn-54531.exe
2556	Unicorn-54531.exe

Loads dropped DLL 64 IoCs

pid	Process
2604	55b78a569b266c000166256d7cacce3ac7b5ce7d8af10501328445610e29fb1f.exe
2604	55b78a569b266c000166256d7cacce3ac7b5ce7d8af10501328445610e29fb1f.exe
2172	Unicorn-50696.exe
2172	Unicorn-50696.exe
2604	55b78a569b266c000166256d7cacce3ac7b5ce7d8af10501328445610e29fb1f.exe
2604	55b78a569b266c000166256d7cacce3ac7b5ce7d8af10501328445610e29fb1f.exe
1692	Unicorn-6409.exe
1692	Unicorn-6409.exe
2172	Unicorn-50696.exe
3068	Unicorn-26275.exe
3068	Unicorn-26275.exe
2172	Unicorn-50696.exe
2576	WerFault.exe
2576	WerFault.exe
2576	WerFault.exe
2576	WerFault.exe
2576	WerFault.exe
2688	Unicorn-64183.exe
2688	Unicorn-64183.exe
3068	Unicorn-26275.exe
3068	Unicorn-26275.exe
2684	Unicorn-45901.exe
2684	Unicorn-45901.exe
1316	Unicorn-13591.exe
1316	Unicorn-13591.exe
1692	Unicorn-6409.exe
1692	Unicorn-6409.exe
328	WerFault.exe
328	WerFault.exe
328	WerFault.exe
328	WerFault.exe
2868	WerFault.exe
2868	WerFault.exe
2868	WerFault.exe
2868	WerFault.exe
328	WerFault.exe
2868	WerFault.exe
2832	Unicorn-867.exe
2832	Unicorn-867.exe
2688	Unicorn-64183.exe
2688	Unicorn-64183.exe
2872	Unicorn-50623.exe
2872	Unicorn-50623.exe
2416	Unicorn-31594.exe
3020	Unicorn-62320.exe
3020	Unicorn-62320.exe
2416	Unicorn-31594.exe
2684	Unicorn-45901.exe
2684	Unicorn-45901.exe
1316	Unicorn-13591.exe
1316	Unicorn-13591.exe
1644	WerFault.exe
1644	WerFault.exe
1644	WerFault.exe
1644	WerFault.exe
1644	WerFault.exe
2400	WerFault.exe
2400	WerFault.exe
2400	WerFault.exe
2400	WerFault.exe
2400	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2676	2604	WerFault.exe	27
2576	2172	WerFault.exe	28
328	1692	WerFault.exe	30
2868	3068	WerFault.exe	29
1644	2688	WerFault.exe	34
2400	2684	WerFault.exe	32
1816	1316	WerFault.exe	33
1568	2832	WerFault.exe	36
1704	2872	WerFault.exe	37
1984	1928	WerFault.exe	40
2296	2416	WerFault.exe	39
1860	3020	WerFault.exe	38
536	2044	WerFault.exe	44
984	1696	WerFault.exe	43
284	1508	WerFault.exe	45
2304	1948	WerFault.exe	48
2280	2016	WerFault.exe	47
1672	2988	WerFault.exe	46
948	2072	WerFault.exe	49
2220	1972	WerFault.exe	81
1744	352	WerFault.exe	53
1748	2352	WerFault.exe	54
1944	1812	WerFault.exe	56
1724	2008	WerFault.exe	57
2176	1160	WerFault.exe	55
2312	2436	WerFault.exe	58
2792	1060	WerFault.exe	59
2876	2444	WerFault.exe	62
2928	2240	WerFault.exe	61
3032	1400	WerFault.exe	60
1676	2140	WerFault.exe	63
1952	1196	WerFault.exe	64
2704	2340	WerFault.exe	105
3308	2716	WerFault.exe	71
3336	2800	WerFault.exe	73
3444	2672	WerFault.exe	72
3452	2572	WerFault.exe	74
3520	2472	WerFault.exe	67
3564	2536	WerFault.exe	75
3620	1576	WerFault.exe	82
3716	2332	WerFault.exe	85
3080	1516	WerFault.exe	88
3228	932	WerFault.exe	170
3236	1968	WerFault.exe	84
3292	2512	WerFault.exe	80
3420	900	WerFault.exe	98
3464	2276	WerFault.exe	77
3736	2748	WerFault.exe	106
3812	2912	WerFault.exe	79
3268	3040	WerFault.exe	76
3368	1752	WerFault.exe	169
3432	1056	WerFault.exe	124
3516	2880	WerFault.exe	78
3604	2808	WerFault.exe	107
3592	2588	WerFault.exe	111
3628	308	WerFault.exe	115
3700	2104	WerFault.exe	118
3656	2696	WerFault.exe	109
3920	2500	WerFault.exe	116
3924	3036	WerFault.exe	113
3936	1700	WerFault.exe	83
3976	2556	WerFault.exe	110
4024	264	WerFault.exe	123
4088	2260	WerFault.exe	87

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2604	55b78a569b266c000166256d7cacce3ac7b5ce7d8af10501328445610e29fb1f.exe
2172	Unicorn-50696.exe
1692	Unicorn-6409.exe
3068	Unicorn-26275.exe
2684	Unicorn-45901.exe
2688	Unicorn-64183.exe
1316	Unicorn-13591.exe
2832	Unicorn-867.exe
2872	Unicorn-50623.exe
3020	Unicorn-62320.exe
1928	Unicorn-11728.exe
2416	Unicorn-31594.exe
1696	Unicorn-33779.exe
2044	Unicorn-48724.exe
1508	Unicorn-48745.exe
1948	Unicorn-34909.exe
2016	Unicorn-36493.exe
2988	Unicorn-36493.exe
2072	Unicorn-4183.exe
352	Unicorn-53981.exe
2352	Unicorn-41729.exe
2008	Unicorn-44422.exe
1160	Unicorn-56674.exe
1812	Unicorn-45813.exe
2436	Unicorn-36061.exe
1060	Unicorn-51843.exe
1400	Unicorn-43675.exe
2444	Unicorn-31423.exe
2240	Unicorn-11557.exe
2140	Unicorn-696.exe
1196	Unicorn-46368.exe
2472	Unicorn-21392.exe
2716	Unicorn-54619.exe
2672	Unicorn-13031.exe
2800	Unicorn-50535.exe
2572	Unicorn-23338.exe
2536	Unicorn-41620.exe
3040	Unicorn-5418.exe
2276	Unicorn-60094.exe
2880	Unicorn-64178.exe
2912	Unicorn-56010.exe
2512	Unicorn-23700.exe
1972	Unicorn-587.exe
1576	Unicorn-35398.exe
1968	Unicorn-50343.exe
1700	Unicorn-4671.exe
1540	Unicorn-38090.exe
2332	Unicorn-57956.exe
1516	Unicorn-27230.exe
2260	Unicorn-42174.exe
2268	Unicorn-45979.exe
1668	Unicorn-60924.exe
900	Unicorn-56093.exe
1236	Unicorn-23975.exe
2236	Unicorn-39757.exe
1720	Unicorn-41703.exe
1332	Unicorn-40887.exe
1600	Unicorn-44417.exe
2100	Unicorn-28635.exe
2748	Unicorn-62699.exe
2340	Unicorn-62699.exe
2808	Unicorn-65392.exe
2588	Unicorn-22413.exe
2696	Unicorn-54531.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2604 wrote to memory of 2172	2604	55b78a569b266c000166256d7cacce3ac7b5ce7d8af10501328445610e29fb1f.exe	28
PID 2604 wrote to memory of 2172	2604	55b78a569b266c000166256d7cacce3ac7b5ce7d8af10501328445610e29fb1f.exe	28
PID 2604 wrote to memory of 2172	2604	55b78a569b266c000166256d7cacce3ac7b5ce7d8af10501328445610e29fb1f.exe	28
PID 2604 wrote to memory of 2172	2604	55b78a569b266c000166256d7cacce3ac7b5ce7d8af10501328445610e29fb1f.exe	28
PID 2172 wrote to memory of 3068	2172	Unicorn-50696.exe	29
PID 2172 wrote to memory of 3068	2172	Unicorn-50696.exe	29
PID 2172 wrote to memory of 3068	2172	Unicorn-50696.exe	29
PID 2172 wrote to memory of 3068	2172	Unicorn-50696.exe	29
PID 2604 wrote to memory of 1692	2604	55b78a569b266c000166256d7cacce3ac7b5ce7d8af10501328445610e29fb1f.exe	30
PID 2604 wrote to memory of 1692	2604	55b78a569b266c000166256d7cacce3ac7b5ce7d8af10501328445610e29fb1f.exe	30
PID 2604 wrote to memory of 1692	2604	55b78a569b266c000166256d7cacce3ac7b5ce7d8af10501328445610e29fb1f.exe	30
PID 2604 wrote to memory of 1692	2604	55b78a569b266c000166256d7cacce3ac7b5ce7d8af10501328445610e29fb1f.exe	30
PID 2604 wrote to memory of 2676	2604	55b78a569b266c000166256d7cacce3ac7b5ce7d8af10501328445610e29fb1f.exe	31
PID 2604 wrote to memory of 2676	2604	55b78a569b266c000166256d7cacce3ac7b5ce7d8af10501328445610e29fb1f.exe	31
PID 2604 wrote to memory of 2676	2604	55b78a569b266c000166256d7cacce3ac7b5ce7d8af10501328445610e29fb1f.exe	31
PID 2604 wrote to memory of 2676	2604	55b78a569b266c000166256d7cacce3ac7b5ce7d8af10501328445610e29fb1f.exe	31
PID 1692 wrote to memory of 2684	1692	Unicorn-6409.exe	32
PID 1692 wrote to memory of 2684	1692	Unicorn-6409.exe	32
PID 1692 wrote to memory of 2684	1692	Unicorn-6409.exe	32
PID 1692 wrote to memory of 2684	1692	Unicorn-6409.exe	32
PID 3068 wrote to memory of 2688	3068	Unicorn-26275.exe	34
PID 3068 wrote to memory of 2688	3068	Unicorn-26275.exe	34
PID 3068 wrote to memory of 2688	3068	Unicorn-26275.exe	34
PID 3068 wrote to memory of 2688	3068	Unicorn-26275.exe	34
PID 2172 wrote to memory of 1316	2172	Unicorn-50696.exe	33
PID 2172 wrote to memory of 1316	2172	Unicorn-50696.exe	33
PID 2172 wrote to memory of 1316	2172	Unicorn-50696.exe	33
PID 2172 wrote to memory of 1316	2172	Unicorn-50696.exe	33
PID 2172 wrote to memory of 2576	2172	Unicorn-50696.exe	35
PID 2172 wrote to memory of 2576	2172	Unicorn-50696.exe	35
PID 2172 wrote to memory of 2576	2172	Unicorn-50696.exe	35
PID 2172 wrote to memory of 2576	2172	Unicorn-50696.exe	35
PID 2688 wrote to memory of 2832	2688	Unicorn-64183.exe	36
PID 2688 wrote to memory of 2832	2688	Unicorn-64183.exe	36
PID 2688 wrote to memory of 2832	2688	Unicorn-64183.exe	36
PID 2688 wrote to memory of 2832	2688	Unicorn-64183.exe	36
PID 3068 wrote to memory of 2872	3068	Unicorn-26275.exe	37
PID 3068 wrote to memory of 2872	3068	Unicorn-26275.exe	37
PID 3068 wrote to memory of 2872	3068	Unicorn-26275.exe	37
PID 3068 wrote to memory of 2872	3068	Unicorn-26275.exe	37
PID 2684 wrote to memory of 3020	2684	Unicorn-45901.exe	38
PID 2684 wrote to memory of 3020	2684	Unicorn-45901.exe	38
PID 2684 wrote to memory of 3020	2684	Unicorn-45901.exe	38
PID 2684 wrote to memory of 3020	2684	Unicorn-45901.exe	38
PID 1316 wrote to memory of 2416	1316	Unicorn-13591.exe	39
PID 1316 wrote to memory of 2416	1316	Unicorn-13591.exe	39
PID 1316 wrote to memory of 2416	1316	Unicorn-13591.exe	39
PID 1316 wrote to memory of 2416	1316	Unicorn-13591.exe	39
PID 1692 wrote to memory of 1928	1692	Unicorn-6409.exe	40
PID 1692 wrote to memory of 1928	1692	Unicorn-6409.exe	40
PID 1692 wrote to memory of 1928	1692	Unicorn-6409.exe	40
PID 1692 wrote to memory of 1928	1692	Unicorn-6409.exe	40
PID 1692 wrote to memory of 328	1692	Unicorn-6409.exe	41
PID 1692 wrote to memory of 328	1692	Unicorn-6409.exe	41
PID 1692 wrote to memory of 328	1692	Unicorn-6409.exe	41
PID 1692 wrote to memory of 328	1692	Unicorn-6409.exe	41
PID 3068 wrote to memory of 2868	3068	Unicorn-26275.exe	42
PID 3068 wrote to memory of 2868	3068	Unicorn-26275.exe	42
PID 3068 wrote to memory of 2868	3068	Unicorn-26275.exe	42
PID 3068 wrote to memory of 2868	3068	Unicorn-26275.exe	42
PID 2832 wrote to memory of 1696	2832	Unicorn-867.exe	43
PID 2832 wrote to memory of 1696	2832	Unicorn-867.exe	43
PID 2832 wrote to memory of 1696	2832	Unicorn-867.exe	43
PID 2832 wrote to memory of 1696	2832	Unicorn-867.exe	43

C:\Users\Admin\AppData\Local\Temp\55b78a569b266c000166256d7cacce3ac7b5ce7d8af10501328445610e29fb1f.exe
"C:\Users\Admin\AppData\Local\Temp\55b78a569b266c000166256d7cacce3ac7b5ce7d8af10501328445610e29fb1f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2604
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50696.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50696.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26275.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26275.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64183.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-867.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33779.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41729.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13031.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56093.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55107.exe
        10⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63597.exe
        11⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52061.exe
        12⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54770.exe
        13⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51431.exe
        14⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47389.exe
        15⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 216
        14⤵
        
        PID:10944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 216
        13⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
        12⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 236
        11⤵
        
        PID:4696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 236
        10⤵
        Program crash
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22989.exe
        9⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58636.exe
        10⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        11⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12393.exe
        12⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20155.exe
        13⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56953.exe
        14⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9776 -s 216
        14⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 216
        13⤵
        
        PID:10876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
        12⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 236
        11⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 236
        10⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
        9⤵
        Program crash
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23975.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61905.exe
        9⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        10⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60146.exe
        11⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35253.exe
        12⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56335.exe
        13⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27981.exe
        14⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9964 -s 216
        14⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 216
        13⤵
        
        PID:10428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 236
        12⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
        11⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 236
        10⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34302.exe
        9⤵
        
        PID:3744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 220
        10⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 240
        9⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
        8⤵
        Program crash
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50535.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39757.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8044.exe
        9⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61651.exe
        10⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-338.exe
        11⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26626.exe
        12⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17353.exe
        13⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32122.exe
        14⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7840 -s 216
        13⤵
        
        PID:10572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
        12⤵
        
        PID:9196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 236
        11⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 236
        10⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17089.exe
        9⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63737.exe
        10⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28764.exe
        11⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5100.exe
        12⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64794.exe
        13⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 216
        12⤵
        
        PID:10740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
        11⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
        10⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
        9⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42039.exe
        8⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13135.exe
        9⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2585.exe
        10⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58771.exe
        11⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42329.exe
        12⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30311.exe
        13⤵
        
        PID:3224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9276 -s 216
        13⤵
        
        PID:8480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 216
        12⤵
        
        PID:10848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 216
        11⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
        10⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 216
        9⤵
        
        PID:4116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
        8⤵
        Program crash
        
        PID:3336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
        7⤵
        Program crash
        
        PID:984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56674.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60094.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62699.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24464.exe
        9⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15548.exe
        10⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42378.exe
        11⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57710.exe
        12⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50248.exe
        13⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11447.exe
        14⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 216
        13⤵
        
        PID:12188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 216
        12⤵
        
        PID:9464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 236
        11⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 216
        10⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
        9⤵
        Program crash
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26964.exe
        8⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36161.exe
        9⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50546.exe
        10⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25038.exe
        11⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37804.exe
        12⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
        13⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 216
        12⤵
        
        PID:12272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
        11⤵
        
        PID:9456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
        10⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 236
        9⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 240
        8⤵
        Program crash
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65392.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54998.exe
        8⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52689.exe
        9⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47448.exe
        10⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
        11⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22013.exe
        12⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-710.exe
        13⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 216
        12⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 236
        11⤵
        
        PID:8392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
        10⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 216
        9⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 216
        8⤵
        Program crash
        
        PID:3604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 240
        7⤵
        Program crash
        
        PID:2176
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
        6⤵
        Program crash
        
        PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48724.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53981.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21392.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45979.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59191.exe
        9⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29664.exe
        10⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22814.exe
        11⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39529.exe
        12⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20949.exe
        13⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56761.exe
        14⤵
        
        PID:12280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9836 -s 216
        14⤵
        
        PID:11416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
        13⤵
        
        PID:10380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 236
        12⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 236
        11⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 236
        10⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32356.exe
        9⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59570.exe
        10⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23577.exe
        11⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
        12⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44317.exe
        13⤵
        
        PID:11464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10040 -s 216
        13⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 236
        12⤵
        
        PID:10472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
        11⤵
        
        PID:8168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
        10⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
        9⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31157.exe
        8⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32871.exe
        9⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21335.exe
        10⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52199.exe
        11⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42625.exe
        12⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
        13⤵
        
        PID:8256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 236
        12⤵
        
        PID:10836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 216
        11⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
        10⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 236
        9⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
        8⤵
        Program crash
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60924.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42855.exe
        8⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15273.exe
        9⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53924.exe
        10⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9570.exe
        11⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50497.exe
        12⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9890.exe
        13⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10220 -s 216
        13⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 216
        12⤵
        
        PID:10756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
        11⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
        10⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 216
        9⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9606.exe
        8⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60146.exe
        9⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10940.exe
        10⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54773.exe
        11⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9890.exe
        12⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10108 -s 216
        12⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 216
        11⤵
        
        PID:10612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
        10⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
        9⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
        8⤵
        
        PID:4948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 240
        7⤵
        Program crash
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54619.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55854.exe
        7⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
        8⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42828.exe
        9⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15543.exe
        10⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43320.exe
        11⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44410.exe
        12⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16684.exe
        13⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8292 -s 220
        12⤵
        
        PID:11364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 216
        11⤵
        
        PID:9600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
        10⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
        9⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50914.exe
        8⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42487.exe
        9⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39537.exe
        10⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62142.exe
        11⤵
        
        PID:11256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7472.exe
        12⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
        11⤵
        
        PID:11872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 216
        10⤵
        
        PID:8972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
        9⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
        8⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 236
        7⤵
        Program crash
        
        PID:3308
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
        6⤵
        Program crash
        
        PID:536
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50623.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48745.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45813.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23338.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41703.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18927.exe
        9⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25388.exe
        10⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6669.exe
        11⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        12⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6890.exe
        13⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-819.exe
        14⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 216
        13⤵
        
        PID:11084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
        12⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
        11⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 236
        10⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58807.exe
        9⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29228.exe
        10⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28045.exe
        11⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42329.exe
        12⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18635.exe
        13⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9476 -s 216
        13⤵
        
        PID:12224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 216
        12⤵
        
        PID:10800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 216
        11⤵
        
        PID:8136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        10⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
        9⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37955.exe
        8⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17220.exe
        9⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29228.exe
        10⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28045.exe
        11⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50497.exe
        12⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15921.exe
        13⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10212 -s 216
        13⤵
        
        PID:8416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 216
        12⤵
        
        PID:10808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 216
        11⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
        10⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
        9⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
        8⤵
        Program crash
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40887.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
        8⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23442.exe
        9⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10945.exe
        10⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23193.exe
        11⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        12⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42371.exe
        13⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9868 -s 216
        13⤵
        
        PID:11368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 216
        12⤵
        
        PID:10392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 236
        11⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 236
        10⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 236
        9⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48501.exe
        8⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49840.exe
        9⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32129.exe
        10⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50497.exe
        11⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13974.exe
        12⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10204 -s 216
        12⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 216
        11⤵
        
        PID:10748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 216
        10⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
        9⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 240
        8⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 220
        7⤵
        Program crash
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5418.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54531.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3659.exe
        8⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50743.exe
        9⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24480.exe
        10⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9853.exe
        11⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10030.exe
        12⤵
        
        PID:11880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8960 -s 216
        12⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 216
        11⤵
        
        PID:9768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
        10⤵
        
        PID:7740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 236
        9⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 236
        8⤵
        Program crash
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2268.exe
        7⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
        8⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40432.exe
        9⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61602.exe
        10⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7077.exe
        11⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14353.exe
        12⤵
        
        PID:9372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8380 -s 216
        11⤵
        
        PID:10508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
        10⤵
        
        PID:9524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 236
        9⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 236
        8⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
        7⤵
        Program crash
        
        PID:3268
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 240
        6⤵
        Program crash
        
        PID:284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44422.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41620.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44417.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59767.exe
        8⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37640.exe
        9⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53924.exe
        10⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25331.exe
        11⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44467.exe
        12⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1722.exe
        13⤵
        
        PID:11820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10172 -s 216
        13⤵
        
        PID:8368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 216
        12⤵
        
        PID:10712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
        11⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
        10⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 236
        9⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36248.exe
        8⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34874.exe
        9⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
        10⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62365.exe
        11⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53061.exe
        12⤵
        
        PID:11592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10004 -s 216
        12⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6924 -s 216
        11⤵
        
        PID:10436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 236
        10⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 236
        9⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 240
        8⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9175.exe
        7⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15273.exe
        8⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-639.exe
        9⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56057.exe
        10⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21909.exe
        11⤵
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57145.exe
        12⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10144 -s 216
        12⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 216
        11⤵
        
        PID:10624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
        10⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
        9⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 236
        8⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
        7⤵
        Program crash
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28635.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63851.exe
        7⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47946.exe
        8⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55870.exe
        9⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38159.exe
        10⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8156.exe
        11⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42947.exe
        12⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10116 -s 236
        12⤵
        
        PID:8828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 216
        11⤵
        
        PID:11116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
        10⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 236
        9⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 236
        8⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29341.exe
        7⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        8⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43154.exe
        9⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17353.exe
        10⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
        11⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 216
        10⤵
        
        PID:10708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
        9⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
        8⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
        7⤵
        
        PID:4632
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
        6⤵
        Program crash
        
        PID:1724
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
        5⤵
        Program crash
        
        PID:1704
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13591.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13591.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31594.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36493.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31423.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-587.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62699.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 220
        9⤵
        Program crash
        
        PID:2704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 236
        8⤵
        Program crash
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34665.exe
        7⤵
        Executes dropped EXE
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37064.exe
        8⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44137.exe
        9⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21683.exe
        10⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3958.exe
        11⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22013.exe
        12⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51857.exe
        13⤵
        
        PID:12092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8092 -s 216
        12⤵
        
        PID:11188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 216
        11⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 236
        10⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 236
        9⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42745.exe
        8⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60961.exe
        9⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10756.exe
        10⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59319.exe
        11⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22008.exe
        12⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 216
        11⤵
        
        PID:12040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 216
        10⤵
        
        PID:9204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
        9⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
        8⤵
        
        PID:5352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
        7⤵
        Program crash
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50343.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34111.exe
        7⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42554.exe
        8⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37915.exe
        9⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13706.exe
        10⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47705.exe
        11⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43476.exe
        12⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7088.exe
        13⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 216
        12⤵
        
        PID:11804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 220
        11⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
        10⤵
        
        PID:6852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 236
        9⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 216
        8⤵
        Program crash
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6352.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13794.exe
        8⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
        9⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17555.exe
        10⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29937.exe
        11⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40529.exe
        12⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 216
        11⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
        10⤵
        
        PID:9236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
        9⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
        8⤵
        
        PID:5592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 240
        7⤵
        Program crash
        
        PID:3236
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
        6⤵
        Program crash
        
        PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46368.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27230.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38195.exe
        7⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65112.exe
        8⤵
        
        PID:1752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 200
        9⤵
        Program crash
        
        PID:3368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 216
        8⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17198.exe
        7⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33831.exe
        8⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26151.exe
        9⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41483.exe
        10⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58649.exe
        10⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65406.exe
        11⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8612 -s 216
        11⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 220
        10⤵
        
        PID:9664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
        9⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 236
        8⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
        7⤵
        Program crash
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        6⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24272.exe
        7⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36353.exe
        8⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18516.exe
        8⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8418.exe
        9⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46138.exe
        10⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60269.exe
        11⤵
        
        PID:12216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9728 -s 216
        11⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 216
        10⤵
        
        PID:10256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
        9⤵
        
        PID:8160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
        8⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 216
        7⤵
        Program crash
        
        PID:3628
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 240
        6⤵
        Program crash
        
        PID:1952
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
        5⤵
        Program crash
        
        PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4183.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-696.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57956.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64645.exe
        7⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46638.exe
        8⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63187.exe
        9⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52876.exe
        10⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58478.exe
        11⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26175.exe
        12⤵
        
        PID:11752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 236
        12⤵
        
        PID:11700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 236
        11⤵
        
        PID:9700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
        10⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 216
        9⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 216
        8⤵
        Program crash
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45247.exe
        7⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23525.exe
        8⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3592.exe
        9⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49267.exe
        10⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40954.exe
        11⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58619.exe
        12⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 216
        11⤵
        
        PID:11776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
        10⤵
        
        PID:8888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
        9⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 236
        8⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
        7⤵
        Program crash
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32527.exe
        6⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24812.exe
        7⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36545.exe
        8⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17874.exe
        9⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22708.exe
        10⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36242.exe
        11⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33020.exe
        12⤵
        
        PID:9632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8344 -s 220
        11⤵
        
        PID:11388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 216
        10⤵
        
        PID:9516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
        9⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
        8⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 216
        7⤵
        
        PID:3152
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
        6⤵
        Program crash
        
        PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42174.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52393.exe
        6⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56944.exe
        7⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17495.exe
        8⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42487.exe
        9⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58011.exe
        10⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19164.exe
        11⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57695.exe
        12⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 216
        11⤵
        
        PID:11896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
        10⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
        9⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 236
        8⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50914.exe
        7⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3592.exe
        8⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41483.exe
        9⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55427.exe
        10⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59195.exe
        11⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 216
        10⤵
        
        PID:11996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 216
        9⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
        8⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
        7⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4946.exe
        6⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23800.exe
        7⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57816.exe
        8⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31937.exe
        9⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48935.exe
        10⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
        11⤵
        
        PID:11816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9532 -s 216
        11⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 216
        10⤵
        
        PID:10772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
        9⤵
        
        PID:8332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 236
        8⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45818.exe
        7⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42051.exe
        8⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1680.exe
        9⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37109.exe
        10⤵
        
        PID:12220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 216
        10⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 216
        9⤵
        
        PID:10788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 236
        8⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 220
        7⤵
        
        PID:6544
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 240
        6⤵
        Program crash
        
        PID:4088
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
        5⤵
        Program crash
        
        PID:948
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1816
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2576
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6409.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6409.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45901.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45901.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62320.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36493.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43675.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4671.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29835.exe
        8⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54998.exe
        9⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56472.exe
        10⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50354.exe
        11⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16678.exe
        12⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8244 -s 220
        13⤵
        
        PID:11440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
        12⤵
        
        PID:9508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 236
        11⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 236
        10⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 216
        9⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22688.exe
        8⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37121.exe
        9⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62606.exe
        10⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59656.exe
        11⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9023.exe
        12⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        13⤵
        
        PID:9032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8196 -s 216
        12⤵
        
        PID:11284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
        11⤵
        
        PID:9500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
        10⤵
        
        PID:7376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 216
        9⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 240
        8⤵
        Program crash
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44780.exe
        7⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65112.exe
        8⤵
        
        PID:932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 200
        9⤵
        Program crash
        
        PID:3228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
        8⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 240
        7⤵
        Program crash
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38090.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15637.exe
        7⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11827.exe
        8⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6612.exe
        9⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37287.exe
        10⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13929.exe
        11⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7238.exe
        12⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        13⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 216
        12⤵
        
        PID:10652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
        11⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
        10⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 236
        9⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63166.exe
        8⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36457.exe
        9⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9640.exe
        10⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18775.exe
        11⤵
        
        PID:11944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8468 -s 236
        11⤵
        
        PID:11696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
        10⤵
        
        PID:9556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
        9⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 468 -s 220
        8⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45247.exe
        7⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54334.exe
        8⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61812.exe
        9⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22812.exe
        10⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58432.exe
        11⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9280 -s 216
        11⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 216
        10⤵
        
        PID:9980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
        9⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 236
        8⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
        7⤵
        
        PID:3164
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
        6⤵
        Program crash
        
        PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11557.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35398.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56477.exe
        7⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50722.exe
        8⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46358.exe
        9⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21190.exe
        10⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4918.exe
        11⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52194.exe
        12⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42750.exe
        13⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7228 -s 216
        12⤵
        
        PID:12256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 216
        11⤵
        
        PID:9336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 236
        10⤵
        
        PID:7296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 236
        9⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 216
        8⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2268.exe
        7⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29171.exe
        8⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        9⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43621.exe
        10⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24234.exe
        11⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
        12⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7884 -s 216
        11⤵
        
        PID:11664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
        10⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
        9⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
        8⤵
        
        PID:5244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 240
        7⤵
        Program crash
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24359.exe
        6⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40608.exe
        7⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40629.exe
        8⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59290.exe
        9⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64207.exe
        10⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23134.exe
        11⤵
        
        PID:12208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9140 -s 216
        11⤵
        
        PID:11956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 216
        10⤵
        
        PID:9328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
        9⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 216
        8⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 236
        7⤵
        Program crash
        
        PID:3432
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
        6⤵
        Program crash
        
        PID:2928
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 220
        5⤵
        Program crash
        
        PID:1860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34909.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51843.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56010.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25751.exe
        7⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42554.exe
        8⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62694.exe
        9⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47017.exe
        10⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35336.exe
        11⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19854.exe
        12⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59475.exe
        13⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10124 -s 216
        13⤵
        
        PID:9124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 216
        12⤵
        
        PID:11156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
        11⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 236
        10⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8677.exe
        9⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13737.exe
        10⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62121.exe
        11⤵
        
        PID:10356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        12⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7512 -s 216
        11⤵
        
        PID:11100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
        10⤵
        
        PID:8992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 220
        9⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 216
        8⤵
        Program crash
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6352.exe
        7⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
        8⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52684.exe
        9⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20295.exe
        10⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42433.exe
        11⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4794.exe
        12⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 236
        11⤵
        
        PID:11392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 216
        10⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
        9⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 216
        8⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
        7⤵
        Program crash
        
        PID:3812
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 236
        6⤵
        Program crash
        
        PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23700.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56477.exe
        6⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56944.exe
        7⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28185.exe
        8⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
        9⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17555.exe
        10⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60663.exe
        11⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11556.exe
        12⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 204
        11⤵
        
        PID:12144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
        10⤵
        
        PID:9252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 236
        9⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 236
        8⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 264 -s 216
        7⤵
        Program crash
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52009.exe
        6⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32269.exe
        7⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33634.exe
        8⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49158.exe
        9⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4.exe
        10⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18609.exe
        11⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 220
        10⤵
        
        PID:12016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 216
        9⤵
        
        PID:9244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
        8⤵
        
        PID:7208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 236
        7⤵
        
        PID:5632
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 220
        6⤵
        Program crash
        
        PID:3292
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 240
        5⤵
        Program crash
        
        PID:2304
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11728.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11728.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36061.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64178.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54531.exe
        6⤵
        Executes dropped EXE
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42554.exe
        7⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62419.exe
        8⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20806.exe
        9⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25723.exe
        10⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27991.exe
        11⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32553.exe
        12⤵
        
        PID:12080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 216
        11⤵
        
        PID:12136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 216
        10⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
        9⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 236
        8⤵
        
        PID:5568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 216
        7⤵
        Program crash
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47925.exe
        6⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30323.exe
        7⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 200
        8⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 216
        7⤵
        
        PID:5960
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 220
        6⤵
        Program crash
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22413.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20188.exe
        6⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3488.exe
        7⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64360.exe
        8⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54311.exe
        9⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34815.exe
        10⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52205.exe
        11⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 216
        10⤵
        
        PID:12056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 236
        9⤵
        
        PID:9264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
        8⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
        7⤵
        
        PID:5624
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 216
        6⤵
        Program crash
        
        PID:3592
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
        5⤵
        Program crash
        
        PID:2312
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 236
      4⤵
      Program crash
      PID:1984
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:328
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
  2⤵
  - Program crash
  PID:2676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-26275.exe

Filesize
184KB

MD5
91fc548de5912dbada2cfaaf1512f011

SHA1
1324d88e68b82ae4cad7fb37c28428cd20aa3359

SHA256
c2891517893b0456b74e6b5c9e401700a8798d59c8513f31145ac8d9e08ac58f

SHA512
55f110bea1c164e0351bad2cb39e66286174d5c8ee8b03591b8d37b2576a08e3ac3b1540658516239952e157438f930c3c6a62a44d411bb36cc3e3a29cb88d5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34815.exe

Filesize
184KB

MD5
c236daccd750c679ca1f4b5888058e57

SHA1
b3ef886c171ed6248dc74b023599c7e55c3ff6a6

SHA256
0b427422f17cf64e7ed4d7e4401cc46b30b3c4837eafdd28418a6148886f2b96

SHA512
e4af3e9bf078f17ddcb8d1b3c0bcfe6a3729138147747e2ad0eb4862f6c4ec2babf4de2f2aac639b45b30a627839bae1518d4d6df0a5d62eee8d505fc526c744

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36353.exe

Filesize
184KB

MD5
0181d58d37fe8c854024381fe9bff078

SHA1
a469a858798f43dcb510a5dd0c869227afd57d76

SHA256
c6586314da43d8ac56f068e79db8fe59f30771821fc2e509180cdf332744219a

SHA512
3a844dff759967ebc025564a0bd8a93fe1b80908b47bd43db9ed8df1fbe1b29305d3185736e687e0b8517c729dda4df2a7bb2cc5f66ac3670a6594452d9ec630

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36457.exe

Filesize
184KB

MD5
145d42b1df1802bee573cd3758a21583

SHA1
efdac5eb2372f270128e285dfb95042267a0f34d

SHA256
ffbfd4ffe69e9af2c29c629afe38bd6e8397064e67ff6caffb35f4f24770b68a

SHA512
bc91d4a1c3e50e5e565ebee42d3a7313c62ef4194f08afa5c7311df8215f2142bb9b48708655c38c7e8591e7848875fa48a10c632bf2331c3c1c99ea6c3915f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36545.exe

Filesize
184KB

MD5
d7654113348a959926f31bbed4448e79

SHA1
9798bdcecda6e93be64877906dec30bb606955eb

SHA256
b9495b366e3525b6d784f9326dfeede49d923a62aae439df4ace1039fbb37895

SHA512
5d04386eaa7dc8fcf849711410cd0aede6bc78a70b973717c9919909140be8b8efa7348d00c7625a72769eae5e241c0efc2fe62df5dd7f5e54630eddabe8d3be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe

Filesize
184KB

MD5
bda14dbee1fe6401bc5871fac095b201

SHA1
09d5c86670208872a73e10dd8ae723e60bb3843b

SHA256
d825989db42c3be8fc083f1cbf6b6001756e3e7ac519786350d67e3bf5911014

SHA512
94b1608d729de8323bbe3d7911a1b3fca2110cb51b21726170e20bc21c2df7c36fd42a4824acd1c4f3e4579888ceecdc3e7bfb68adf945d7358a96cf4f4155e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40887.exe

Filesize
184KB

MD5
a5a9d68dc2387fc00be2799d94ca9cb5

SHA1
65a623cddfdd63063c8b3c0113b7a083567738d7

SHA256
a03d000c249c313d184c3e5c4009c538a958314d15064aab513775cbad91c6a6

SHA512
d10fab7b0b56689989b95dfa01e91fe6055838d06f0a4c09c3da5e5d8b7d3c0d7c399e400c0ba75291bdc09f7d0c6ae48823d752310d5313b6ee3fd36c792079

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51857.exe

Filesize
184KB

MD5
2a8c4dca00db9dd6ab5a7bdf3bc32172

SHA1
9af604a07400bf88830bab00621ea8180c34e865

SHA256
e7d7489ad02e9fb716f5b188a1e06f18186b2fd2fe558b03801ea69b39fcc849

SHA512
91ceeb9b35fa9a623e7274a639a30f9171fdeb18ce3a03d850e7d2ea805ad96d17de0b48fd4562ceaa8c46bade62e66d07fcc91ce0d42f9429bbfd1bec7ce0be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53061.exe

Filesize
184KB

MD5
d3ef1f8919432c6602cdc8816fcae4be

SHA1
e7b31499c587615f20ea23f98bd36ad1ee7e369e

SHA256
5e83c57e36e1d928072f0dbbe6bd93b7ed5305127b2d84c9568574bdecb2d843

SHA512
19bfa6a340266076c458d6ee486cbb39dcd7854513776d90ad1e3b02f0aa6709d7f6fb8a67efbb6c6a49a79ac30c89cbb1b6225dc98aa82d07c965f6aa05bbb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57710.exe

Filesize
184KB

MD5
0897b4981c9fd01593126ab1d0f1cebb

SHA1
6c7705ff3c0f9b1bea8b2b53930531fc0cdb79ca

SHA256
a16c9b39ba7096dd9acb0993fe868a4d70c74c04bb304176a39b0a8404f28af8

SHA512
772f8268f1b311b4620e50917276034046fa85f3a71463e68e471692fdeeb8ab99c9eed83e3a367e04e429f2b64f490dddab3121d6ae57ffd2390205f5eb932c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6612.exe

Filesize
184KB

MD5
d9811e6c5f7aceb0f2a5857efd31fbb1

SHA1
7e2e3eb8617b2b994b30febedec19983f081f968

SHA256
bab1aa594180138c4fd6d0be889b6b3d6dbecfd649f754c50e79a45b11aa0716

SHA512
744497ec515a43fb37163094c3a41fad7aa15823106fb601ba547f1561ffb04dcf8d62c7fddf4e5a3eb92b8576c8d298ca9e8d00d018b37e0b2ca2f6f8cafae1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6669.exe

Filesize
184KB

MD5
ab0b6accdc353d1672a960e27a7767d2

SHA1
6f377552c946073457adf2219d67c5b4943c1842

SHA256
aac001bf42a828ac6d5538dbe4d02ba95c2b013e1d624bade3c4cd2355834d9f

SHA512
2f8d881a38fb3f34b94851b00027e56dce24ce5885f8fda061edd1d7fa1842d6b1b1d3a066c3ceeccd414f394fdb31b438c3ed0928c39a266f0d9559fa0dc63d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11728.exe

Filesize
184KB

MD5
d14d09b970eb1dd810060ddfe52dc7a0

SHA1
3c256a248dc365023227791d5004d0dbf5005940

SHA256
1697ee696a73d6316d73e27d1a883c40680abffd713b3881d357f1213ddd083d

SHA512
7c38f804e72694e3772349e5656ec0b9027708b5cb09f718ea4e2ce5163fa796ca9fd9902ce16fece3079322da157e71acfe53cd8bed1f3c7fb2b8dd7670c94d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13591.exe

Filesize
184KB

MD5
b923cb670e051f85a8e1200a7620c0c5

SHA1
9af6c2cd016808f770081419773fc965532beef8

SHA256
ec35b2e7c4d38191012613719128be10267696023393549a51318578310c00a8

SHA512
dde790c12ead74b71ad52d3035f6fd210bd58c279d80d9fe661db2f9d602c109a36417279f2ec69aae462364d544740eb437ad81715f665589922e317e06b60a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31594.exe

Filesize
184KB

MD5
b43a7d03908b0230f865ed6841d6aa7b

SHA1
30763ef3c976cbb90feaecc4c87df9b60784f596

SHA256
b0e2601e883da7f4874f8b75427db597522466479d066d8dd9f1ab18c9d2e38e

SHA512
a94b887bfed4b123ccd93b1310149b0c9d4f7374db819b2fd0de9bac341d99b98310303566bb6ced9e517798ea764deb2ef201043f7e0afbd29683848318ed8e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33779.exe

Filesize
184KB

MD5
b606de1a105b369b116b795d0b34bf71

SHA1
8fb2f5d37c4b006f4594347da6c0177648cb419f

SHA256
af7ae977367ab432a827e0bc0a50e1241288a6030b797aef44eb1fd44b712cae

SHA512
aea7233c5c37bf9cb013ce5c97d71a8086f667613d179a5ad31a63bbc05d617d8b898b15e5806f0a327c8fbddba3ead1381c924a43d25dc1319b4b6a480efa62

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45901.exe

Filesize
184KB

MD5
50b4dc69f03565ddf674393976507224

SHA1
eda3868193fb0eeed69b364e0d65e738208ce240

SHA256
c674e5f2cbf6ac6dc255f2b34ddd15992a7cdb1b8adc42387520eb5ffcb0d259

SHA512
c55982ce934ba1444b305f4026a37d20a7c34e8be94507c6963d8917c9638798835b1939a5b024cb6a418cf7504bd83881d4242ebe391435d9ba6a06100af736

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48724.exe

Filesize
184KB

MD5
e645b8a174dd246ed042d00fa5b82d6e

SHA1
a84e48e82a92e4c969dc6cb0ef84d92c69af4c67

SHA256
6f8263f7395bbca170d7bf5280662771692a60bcde4fcd39b436a5329f10c640

SHA512
8fb88428eee01f9b7bdf7a58f9d643eb189dfbe8b37dc94424240619621cca0e27b57340e868df46211ed2d2dc85393831839a8c85d1b752bed0751920da86c8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48745.exe

Filesize
184KB

MD5
08967cc36600126a0803d8c8243d5dc0

SHA1
43c4b9185c741b039181b0fcbaa1f86f5637db00

SHA256
27ab8b369b4fe8a9b61ad59c6e18b683a2be62a307317b9a122ef1cefbb3f64c

SHA512
f8c5d9a9cf0d413558dfcc130e93657fdbc20985d38c007c54ac19551132b255d617f4561e3fb47239ded89f993a18a34fa2e17c270142735abc58982357cdd1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50623.exe

Filesize
184KB

MD5
6a37aa8ae98df86ad17fdb07f63b9ec6

SHA1
241cdc9f8866e77efb3ce3f51d2fa3f4eeacea29

SHA256
2915a69c610e287516c5da357a7eedb705df6554efb15fb2c3f0b0782b9fd37d

SHA512
c71c0405ab18bb8fceb4af2f99d626cdf9fa77506027705a4a4de19f50b2522db9858e5b64df47eb822a930bd0ba5510e6c6f7165b7643c9fac983e14c18fffe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50696.exe

Filesize
184KB

MD5
14c943eaefe56abb405d2ebadb56c63b

SHA1
741ed1ea84027246c8bf6c66b0a1b4cd53a6919c

SHA256
43728cd937c0eee4c5c1aad2250419d94fb46a7db853f28aae07c7d6849d82f3

SHA512
17c8cb296ac14f69083777eef545a37de8a75237c5b586c3cd455772e324b9c92dba79d47689c6ce045eab7a7522c4ea7bb8e4b3f29e6c2a35370668191f9258

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62320.exe

Filesize
184KB

MD5
ab52994db8cdaeed491d0093c9e51d89

SHA1
9d89f6d8e77797301f3a5d4e0c56373a31e53b39

SHA256
e456c53d3a77ab307b8ebae952ccd96b83efd92fcd77b04beace40e7800edecf

SHA512
47c4b0fd53658cd7baf4b1f4f724796aa9499701f107a3872598b4df1d23465a704ffe685075961cbc11179c15fe0fea53af7952168886329ed0ff1dac2e7cb0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6409.exe

Filesize
184KB

MD5
66cd0451cea57818991801ab0a650984

SHA1
ec6c54cdac4d96af4ab0fd067b2850c1f7b6cbad

SHA256
7844d911d6a753db884644c1f21167215ad41e2a71dd86c1d37ba18c8ea8886c

SHA512
4799d68ff602da18f187c8b7c04aeea38ebd00240f68a7582af8d2de3f9eeaecb391846629836da11ed9717516387075f4e4d37fc2cbe5eb70a0f7346f71ab8d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64183.exe

Filesize
184KB

MD5
e252b013157d526dfe2d127718d8e3c9

SHA1
bc8966f32d6bad5f53a2350e19dcd2835c1d4a4a

SHA256
eadffa1cd2a5254e4851d78926f1b716f9e4484d6dd1cffab048cabceda4408b

SHA512
3aa4e7ddd889247ef22c8343afff7edfe79077cff789e56e519b4c046a579e8c618ababbd68d79a0bc8bb479c47b266f93793a106b7d996f3338dd9e2c93168c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-867.exe

Filesize
184KB

MD5
8dd43df1fa91333f213647b036d98421

SHA1
0cd2842c5e70e73b28c68fb27103886ad5ecf74f

SHA256
5ffaa9a1ea9738ebeefcc292c0b8a71cb5d0cdb73937fae223d33672490c7839

SHA512
4ce7efaf3dce1828802ebe8445a973c064986557db1e3b0af70c406d44ac20dd2ed1e0b5b3646a7d5e4f0b8187a1a86ca2acd3e565f01dca7428d931854551b3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads