deeb4d7528a8f4721bd9c72cda9b6c0e48eff480845122df5894077c23e3f44c

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 03:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

deeb4d7528a8f4721bd9c72cda9b6c0e48eff480845122df5894077c23e3f44c.exe
Size

184KB
MD5

69f776304dde5ee4eda1f4785438c1fc
SHA1

75c67ead933b5fc5cbecc638b28c445ff0cae414
SHA256

deeb4d7528a8f4721bd9c72cda9b6c0e48eff480845122df5894077c23e3f44c
SHA512

97984947c12cabf28ff7f31f9b150c57b8c84743a9d425407f8c2c61d43635837a9b53432462c88e8c24ade6a3baf2d974a2cf229c8b3abf71dc38b62ee9f2cf
SSDEEP

3072:Nmn3SYoT74hQdFGWe8kLRvPghlnViFFn3:Nm1o6MFGzLBPghlnViFF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
832	Unicorn-8869.exe
3056	Unicorn-23949.exe
2944	Unicorn-43815.exe
2664	Unicorn-8719.exe
1732	Unicorn-57728.exe
2860	Unicorn-37862.exe
1784	Unicorn-18489.exe
1492	Unicorn-47248.exe
2176	Unicorn-30911.exe
1572	Unicorn-50777.exe
2328	Unicorn-12344.exe
2820	Unicorn-35090.exe
2448	Unicorn-11078.exe
2052	Unicorn-43751.exe
2252	Unicorn-18370.exe
692	Unicorn-56942.exe
600	Unicorn-64041.exe
2116	Unicorn-25760.exe
452	Unicorn-8847.exe
2388	Unicorn-21654.exe
1516	Unicorn-8271.exe
1324	Unicorn-37414.exe
1280	Unicorn-8463.exe
1080	Unicorn-21270.exe
2968	Unicorn-41136.exe
2780	Unicorn-7430.exe
2772	Unicorn-27296.exe
2792	Unicorn-18796.exe
1760	Unicorn-48131.exe
304	Unicorn-35049.exe
2212	Unicorn-15183.exe
2828	Unicorn-47856.exe
2616	Unicorn-51385.exe
2444	Unicorn-37737.exe
2424	Unicorn-21017.exe
2412	Unicorn-34316.exe
2532	Unicorn-20441.exe
2372	Unicorn-36969.exe
2300	Unicorn-36969.exe
1484	Unicorn-38038.exe
1040	Unicorn-1644.exe
2016	Unicorn-21510.exe
2196	Unicorn-33439.exe
1896	Unicorn-33586.exe
1384	Unicorn-45324.exe
3048	Unicorn-49045.exe
1448	Unicorn-35698.exe
3064	Unicorn-44359.exe
2376	Unicorn-64265.exe
2764	Unicorn-2257.exe
1700	Unicorn-2257.exe
1588	Unicorn-15448.exe
2296	Unicorn-28023.exe
772	Unicorn-31208.exe
2104	Unicorn-18210.exe
2732	Unicorn-56782.exe
2948	Unicorn-43591.exe
2368	Unicorn-13414.exe
2932	Unicorn-33704.exe
2520	Unicorn-29367.exe
2552	Unicorn-46087.exe
2564	Unicorn-42557.exe
3052	Unicorn-62423.exe
2648	Unicorn-58894.exe

Loads dropped DLL 64 IoCs

pid	Process
3028	deeb4d7528a8f4721bd9c72cda9b6c0e48eff480845122df5894077c23e3f44c.exe
3028	deeb4d7528a8f4721bd9c72cda9b6c0e48eff480845122df5894077c23e3f44c.exe
3028	deeb4d7528a8f4721bd9c72cda9b6c0e48eff480845122df5894077c23e3f44c.exe
832	Unicorn-8869.exe
3028	deeb4d7528a8f4721bd9c72cda9b6c0e48eff480845122df5894077c23e3f44c.exe
832	Unicorn-8869.exe
3056	Unicorn-23949.exe
2944	Unicorn-43815.exe
3056	Unicorn-23949.exe
832	Unicorn-8869.exe
2944	Unicorn-43815.exe
832	Unicorn-8869.exe
2816	WerFault.exe
2816	WerFault.exe
2816	WerFault.exe
2816	WerFault.exe
2816	WerFault.exe
1732	Unicorn-57728.exe
2944	Unicorn-43815.exe
2944	Unicorn-43815.exe
1732	Unicorn-57728.exe
3056	Unicorn-23949.exe
3056	Unicorn-23949.exe
2860	Unicorn-37862.exe
2860	Unicorn-37862.exe
296	WerFault.exe
296	WerFault.exe
296	WerFault.exe
296	WerFault.exe
1924	WerFault.exe
1924	WerFault.exe
1924	WerFault.exe
1924	WerFault.exe
1924	WerFault.exe
296	WerFault.exe
2664	Unicorn-8719.exe
2664	Unicorn-8719.exe
2176	Unicorn-30911.exe
2176	Unicorn-30911.exe
1492	Unicorn-47248.exe
1492	Unicorn-47248.exe
1784	Unicorn-18489.exe
1784	Unicorn-18489.exe
1572	Unicorn-50777.exe
1572	Unicorn-50777.exe
1732	Unicorn-57728.exe
2860	Unicorn-37862.exe
1732	Unicorn-57728.exe
2860	Unicorn-37862.exe
1440	WerFault.exe
1440	WerFault.exe
1440	WerFault.exe
1440	WerFault.exe
1440	WerFault.exe
2596	WerFault.exe
2596	WerFault.exe
2596	WerFault.exe
2596	WerFault.exe
312	WerFault.exe
312	WerFault.exe
312	WerFault.exe
312	WerFault.exe
2596	WerFault.exe
312	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2568	3028	WerFault.exe	27
2816	832	WerFault.exe	28
296	3056	WerFault.exe	29
1924	2944	WerFault.exe	30
1440	1732	WerFault.exe	33
2596	2860	WerFault.exe	34
312	2664	WerFault.exe	32
1736	2176	WerFault.exe	38
1536	1492	WerFault.exe	37
1956	1784	WerFault.exe	36
1208	1572	WerFault.exe	39
2304	2328	WerFault.exe	42
2356	2820	WerFault.exe	43
1984	2448	WerFault.exe	44
2144	2252	WerFault.exe	46
2120	692	WerFault.exe	48
540	2052	WerFault.exe	45
1168	600	WerFault.exe	47
2032	2116	WerFault.exe	52
1884	452	WerFault.exe	53
1820	2388	WerFault.exe	54
1932	1324	WerFault.exe	56
2920	1516	WerFault.exe	55
716	1080	WerFault.exe	58
1060	2780	WerFault.exe	60
1008	2968	WerFault.exe	59
1944	2772	WerFault.exe	61
3044	1280	WerFault.exe	57
2640	1760	WerFault.exe	64
644	2212	WerFault.exe	69
2792	2444	WerFault.exe	72
820	2616	WerFault.exe	71
2132	2828	WerFault.exe	70
2756	2532	WerFault.exe	75
2712	1484	WerFault.exe	78
1824	2372	WerFault.exe	77
1180	2016	WerFault.exe	79
1576	2300	WerFault.exe	76
3112	2196	WerFault.exe	81
3344	1896	WerFault.exe	83
3440	304	WerFault.exe	68
3804	2424	WerFault.exe	73
3876	2412	WerFault.exe	74
4004	1384	WerFault.exe	84
4044	2764	WerFault.exe	96
4080	3064	WerFault.exe	93
3156	2948	WerFault.exe	102
3208	1040	WerFault.exe	80
3184	2932	WerFault.exe	104
3288	2732	WerFault.exe	101
3352	2672	WerFault.exe	112
3420	1700	WerFault.exe	95
3428	1448	WerFault.exe	92
3560	856	WerFault.exe	117
4028	3048	WerFault.exe	85
3520	724	WerFault.exe	121
3524	1968	WerFault.exe	120
3668	2376	WerFault.exe	94
3964	2844	WerFault.exe	130
3248	2296	WerFault.exe	98
3716	772	WerFault.exe	99
4116	2812	WerFault.exe	134
4184	2368	WerFault.exe	103
4236	2460	WerFault.exe	133

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3028	deeb4d7528a8f4721bd9c72cda9b6c0e48eff480845122df5894077c23e3f44c.exe
832	Unicorn-8869.exe
3056	Unicorn-23949.exe
2944	Unicorn-43815.exe
1732	Unicorn-57728.exe
2664	Unicorn-8719.exe
2860	Unicorn-37862.exe
1492	Unicorn-47248.exe
2176	Unicorn-30911.exe
1784	Unicorn-18489.exe
1572	Unicorn-50777.exe
2328	Unicorn-12344.exe
2820	Unicorn-35090.exe
2448	Unicorn-11078.exe
2052	Unicorn-43751.exe
2252	Unicorn-18370.exe
692	Unicorn-56942.exe
600	Unicorn-64041.exe
2116	Unicorn-25760.exe
452	Unicorn-8847.exe
2388	Unicorn-21654.exe
1516	Unicorn-8271.exe
1324	Unicorn-37414.exe
1280	Unicorn-8463.exe
2780	Unicorn-7430.exe
1080	Unicorn-21270.exe
2772	Unicorn-27296.exe
2968	Unicorn-41136.exe
2792	Unicorn-18796.exe
1760	Unicorn-48131.exe
2212	Unicorn-15183.exe
304	Unicorn-35049.exe
2828	Unicorn-47856.exe
2616	Unicorn-51385.exe
2444	Unicorn-37737.exe
2424	Unicorn-21017.exe
2412	Unicorn-34316.exe
2532	Unicorn-20441.exe
2300	Unicorn-36969.exe
2372	Unicorn-36969.exe
1484	Unicorn-38038.exe
1040	Unicorn-1644.exe
2016	Unicorn-21510.exe
2196	Unicorn-33439.exe
1896	Unicorn-33586.exe
1384	Unicorn-45324.exe
3048	Unicorn-49045.exe
1448	Unicorn-35698.exe
3064	Unicorn-44359.exe
1700	Unicorn-2257.exe
2764	Unicorn-2257.exe
2376	Unicorn-64265.exe
2296	Unicorn-28023.exe
1588	Unicorn-15448.exe
772	Unicorn-31208.exe
2104	Unicorn-18210.exe
2732	Unicorn-56782.exe
2948	Unicorn-43591.exe
2932	Unicorn-33704.exe
2520	Unicorn-29367.exe
2552	Unicorn-46087.exe
2332	Unicorn-62916.exe
1988	Unicorn-43050.exe
2720	Unicorn-58894.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 832	3028	deeb4d7528a8f4721bd9c72cda9b6c0e48eff480845122df5894077c23e3f44c.exe	28
PID 3028 wrote to memory of 832	3028	deeb4d7528a8f4721bd9c72cda9b6c0e48eff480845122df5894077c23e3f44c.exe	28
PID 3028 wrote to memory of 832	3028	deeb4d7528a8f4721bd9c72cda9b6c0e48eff480845122df5894077c23e3f44c.exe	28
PID 3028 wrote to memory of 832	3028	deeb4d7528a8f4721bd9c72cda9b6c0e48eff480845122df5894077c23e3f44c.exe	28
PID 3028 wrote to memory of 3056	3028	deeb4d7528a8f4721bd9c72cda9b6c0e48eff480845122df5894077c23e3f44c.exe	29
PID 3028 wrote to memory of 3056	3028	deeb4d7528a8f4721bd9c72cda9b6c0e48eff480845122df5894077c23e3f44c.exe	29
PID 3028 wrote to memory of 3056	3028	deeb4d7528a8f4721bd9c72cda9b6c0e48eff480845122df5894077c23e3f44c.exe	29
PID 3028 wrote to memory of 3056	3028	deeb4d7528a8f4721bd9c72cda9b6c0e48eff480845122df5894077c23e3f44c.exe	29
PID 832 wrote to memory of 2944	832	Unicorn-8869.exe	30
PID 832 wrote to memory of 2944	832	Unicorn-8869.exe	30
PID 832 wrote to memory of 2944	832	Unicorn-8869.exe	30
PID 832 wrote to memory of 2944	832	Unicorn-8869.exe	30
PID 3028 wrote to memory of 2568	3028	deeb4d7528a8f4721bd9c72cda9b6c0e48eff480845122df5894077c23e3f44c.exe	31
PID 3028 wrote to memory of 2568	3028	deeb4d7528a8f4721bd9c72cda9b6c0e48eff480845122df5894077c23e3f44c.exe	31
PID 3028 wrote to memory of 2568	3028	deeb4d7528a8f4721bd9c72cda9b6c0e48eff480845122df5894077c23e3f44c.exe	31
PID 3028 wrote to memory of 2568	3028	deeb4d7528a8f4721bd9c72cda9b6c0e48eff480845122df5894077c23e3f44c.exe	31
PID 3056 wrote to memory of 2664	3056	Unicorn-23949.exe	32
PID 3056 wrote to memory of 2664	3056	Unicorn-23949.exe	32
PID 3056 wrote to memory of 2664	3056	Unicorn-23949.exe	32
PID 3056 wrote to memory of 2664	3056	Unicorn-23949.exe	32
PID 2944 wrote to memory of 1732	2944	Unicorn-43815.exe	33
PID 2944 wrote to memory of 1732	2944	Unicorn-43815.exe	33
PID 2944 wrote to memory of 1732	2944	Unicorn-43815.exe	33
PID 2944 wrote to memory of 1732	2944	Unicorn-43815.exe	33
PID 832 wrote to memory of 2860	832	Unicorn-8869.exe	34
PID 832 wrote to memory of 2860	832	Unicorn-8869.exe	34
PID 832 wrote to memory of 2860	832	Unicorn-8869.exe	34
PID 832 wrote to memory of 2860	832	Unicorn-8869.exe	34
PID 832 wrote to memory of 2816	832	Unicorn-8869.exe	35
PID 832 wrote to memory of 2816	832	Unicorn-8869.exe	35
PID 832 wrote to memory of 2816	832	Unicorn-8869.exe	35
PID 832 wrote to memory of 2816	832	Unicorn-8869.exe	35
PID 2944 wrote to memory of 1492	2944	Unicorn-43815.exe	37
PID 2944 wrote to memory of 1492	2944	Unicorn-43815.exe	37
PID 2944 wrote to memory of 1492	2944	Unicorn-43815.exe	37
PID 2944 wrote to memory of 1492	2944	Unicorn-43815.exe	37
PID 1732 wrote to memory of 1784	1732	Unicorn-57728.exe	36
PID 1732 wrote to memory of 1784	1732	Unicorn-57728.exe	36
PID 1732 wrote to memory of 1784	1732	Unicorn-57728.exe	36
PID 1732 wrote to memory of 1784	1732	Unicorn-57728.exe	36
PID 3056 wrote to memory of 2176	3056	Unicorn-23949.exe	38
PID 3056 wrote to memory of 2176	3056	Unicorn-23949.exe	38
PID 3056 wrote to memory of 2176	3056	Unicorn-23949.exe	38
PID 3056 wrote to memory of 2176	3056	Unicorn-23949.exe	38
PID 2860 wrote to memory of 1572	2860	Unicorn-37862.exe	39
PID 2860 wrote to memory of 1572	2860	Unicorn-37862.exe	39
PID 2860 wrote to memory of 1572	2860	Unicorn-37862.exe	39
PID 2860 wrote to memory of 1572	2860	Unicorn-37862.exe	39
PID 3056 wrote to memory of 296	3056	Unicorn-23949.exe	40
PID 3056 wrote to memory of 296	3056	Unicorn-23949.exe	40
PID 3056 wrote to memory of 296	3056	Unicorn-23949.exe	40
PID 3056 wrote to memory of 296	3056	Unicorn-23949.exe	40
PID 2944 wrote to memory of 1924	2944	Unicorn-43815.exe	41
PID 2944 wrote to memory of 1924	2944	Unicorn-43815.exe	41
PID 2944 wrote to memory of 1924	2944	Unicorn-43815.exe	41
PID 2944 wrote to memory of 1924	2944	Unicorn-43815.exe	41
PID 2664 wrote to memory of 2328	2664	Unicorn-8719.exe	42
PID 2664 wrote to memory of 2328	2664	Unicorn-8719.exe	42
PID 2664 wrote to memory of 2328	2664	Unicorn-8719.exe	42
PID 2664 wrote to memory of 2328	2664	Unicorn-8719.exe	42
PID 2176 wrote to memory of 2820	2176	Unicorn-30911.exe	43
PID 2176 wrote to memory of 2820	2176	Unicorn-30911.exe	43
PID 2176 wrote to memory of 2820	2176	Unicorn-30911.exe	43
PID 2176 wrote to memory of 2820	2176	Unicorn-30911.exe	43

C:\Users\Admin\AppData\Local\Temp\deeb4d7528a8f4721bd9c72cda9b6c0e48eff480845122df5894077c23e3f44c.exe
"C:\Users\Admin\AppData\Local\Temp\deeb4d7528a8f4721bd9c72cda9b6c0e48eff480845122df5894077c23e3f44c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8869.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8869.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43815.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43815.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57728.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18489.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43751.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41136.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38038.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29367.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26604.exe
        10⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21524.exe
        11⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7427.exe
        12⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25569.exe
        13⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40117.exe
        14⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46057.exe
        15⤵
        
        PID:12444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10560 -s 216
        15⤵
        
        PID:12588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
        14⤵
        
        PID:11040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
        13⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
        12⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 216
        11⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4346.exe
        10⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39441.exe
        11⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12226.exe
        12⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17040.exe
        13⤵
        
        PID:9348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9348 -s 220
        14⤵
        
        PID:7560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 216
        13⤵
        
        PID:10344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 216
        12⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
        11⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 220
        10⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21429.exe
        9⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
        10⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39825.exe
        11⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29139.exe
        12⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17808.exe
        13⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37084.exe
        14⤵
        
        PID:11516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10116 -s 236
        14⤵
        
        PID:12896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 216
        13⤵
        
        PID:1648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
        12⤵
        
        PID:8676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 236
        11⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 216
        10⤵
        
        PID:4612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 240
        9⤵
        Program crash
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42557.exe
        8⤵
        Executes dropped EXE
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57439.exe
        9⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7408.exe
        10⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30775.exe
        11⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
        12⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57797.exe
        13⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13161.exe
        14⤵
        
        PID:12748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 216
        13⤵
        
        PID:11284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 216
        12⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
        11⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 236
        10⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36167.exe
        9⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33294.exe
        10⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10607.exe
        11⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43565.exe
        12⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44853.exe
        13⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 216
        12⤵
        
        PID:11204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
        11⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
        10⤵
        
        PID:6036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
        9⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
        8⤵
        Program crash
        
        PID:1008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
        7⤵
        Program crash
        
        PID:540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7430.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36969.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62423.exe
        8⤵
        Executes dropped EXE
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41295.exe
        9⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60439.exe
        10⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53717.exe
        11⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42725.exe
        12⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4959.exe
        13⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26849.exe
        14⤵
        
        PID:12992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 236
        13⤵
        
        PID:11836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 236
        12⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 236
        11⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 236
        10⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
        9⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44475.exe
        10⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57961.exe
        11⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47718.exe
        12⤵
        
        PID:11468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 216
        12⤵
        
        PID:11896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
        11⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        10⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
        9⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39026.exe
        8⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
        9⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9264.exe
        10⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21630.exe
        11⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7942.exe
        12⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63851.exe
        13⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10332 -s 220
        13⤵
        
        PID:12452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 216
        12⤵
        
        PID:10696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
        11⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 236
        10⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
        9⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
        8⤵
        Program crash
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58894.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59468.exe
        8⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56033.exe
        9⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40209.exe
        10⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12994.exe
        11⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35296.exe
        12⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63109.exe
        13⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9764 -s 216
        13⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7316 -s 216
        12⤵
        
        PID:10476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
        11⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 236
        10⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 216
        9⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
        8⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4433.exe
        9⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61671.exe
        10⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47076.exe
        11⤵
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29529.exe
        12⤵
        
        PID:12424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10400 -s 216
        12⤵
        
        PID:12572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8160 -s 216
        11⤵
        
        PID:10916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
        10⤵
        
        PID:8056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
        9⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
        8⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
        7⤵
        Program crash
        
        PID:1060
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
        6⤵
        Program crash
        
        PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64041.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27296.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36969.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13222.exe
        8⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24959.exe
        9⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54772.exe
        10⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6929.exe
        11⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3041.exe
        12⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46552.exe
        13⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36496.exe
        14⤵
        
        PID:12936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7356 -s 216
        13⤵
        
        PID:11424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 216
        12⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 236
        11⤵
        
        PID:6816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 216
        10⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34522.exe
        9⤵
        
        PID:4012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
        9⤵
        Program crash
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53910.exe
        8⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56417.exe
        9⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
        10⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31059.exe
        11⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
        12⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15553.exe
        13⤵
        
        PID:11700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10296 -s 216
        13⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7552 -s 216
        12⤵
        
        PID:10692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
        11⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
        10⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 236
        9⤵
        
        PID:4764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
        8⤵
        Program crash
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43050.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43324.exe
        8⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39889.exe
        9⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21346.exe
        10⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3425.exe
        11⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48664.exe
        12⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16019.exe
        13⤵
        
        PID:12796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
        12⤵
        
        PID:11500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
        11⤵
        
        PID:8220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
        10⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 236
        9⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
        8⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5616.exe
        9⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46243.exe
        10⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43456.exe
        11⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56612.exe
        12⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9628 -s 216
        12⤵
        
        PID:13284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7252 -s 216
        11⤵
        
        PID:10276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
        10⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 236
        9⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 240
        8⤵
        
        PID:4504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
        7⤵
        Program crash
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1644.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28983.exe
        7⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59660.exe
        8⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13651.exe
        9⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40100.exe
        10⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47971.exe
        11⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56017.exe
        12⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62673.exe
        13⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10184 -s 216
        13⤵
        
        PID:13184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 216
        12⤵
        
        PID:10520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 216
        11⤵
        
        PID:8624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 236
        10⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 236
        9⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58939.exe
        8⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58548.exe
        9⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        10⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25125.exe
        11⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18751.exe
        12⤵
        
        PID:12576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10672 -s 216
        12⤵
        
        PID:12664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 216
        11⤵
        
        PID:10828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
        10⤵
        
        PID:8968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
        9⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 240
        8⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55747.exe
        7⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe
        8⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41232.exe
        9⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7245.exe
        10⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14978.exe
        11⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8432 -s 216
        11⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 216
        10⤵
        
        PID:9664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 236
        9⤵
        
        PID:7384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 236
        8⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 240
        7⤵
        Program crash
        
        PID:3208
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 240
        6⤵
        Program crash
        
        PID:1168
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47248.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11078.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8271.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21017.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18210.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7963.exe
        9⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55841.exe
        10⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6493.exe
        11⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60083.exe
        12⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27504.exe
        13⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1635.exe
        14⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9524 -s 220
        14⤵
        
        PID:13240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7224 -s 216
        13⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 216
        12⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
        11⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 216
        10⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35591.exe
        9⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57287.exe
        10⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10083.exe
        11⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38965.exe
        12⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35580.exe
        13⤵
        
        PID:12604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10640 -s 216
        13⤵
        
        PID:12680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 220
        12⤵
        
        PID:10360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
        11⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
        10⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
        9⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55062.exe
        8⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12743.exe
        9⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61657.exe
        10⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62720.exe
        11⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26743.exe
        12⤵
        
        PID:11768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 216
        12⤵
        
        PID:12248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
        11⤵
        
        PID:9300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
        10⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 216
        9⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
        8⤵
        Program crash
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56782.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41679.exe
        8⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53065.exe
        9⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43536.exe
        10⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12336.exe
        11⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16043.exe
        12⤵
        
        PID:12284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8520 -s 216
        12⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
        11⤵
        
        PID:9716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
        10⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
        9⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 236
        8⤵
        Program crash
        
        PID:3288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
        7⤵
        Program crash
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34316.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43591.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41020.exe
        8⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55509.exe
        9⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61273.exe
        10⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30541.exe
        11⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31070.exe
        12⤵
        
        PID:11464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 216
        12⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 236
        11⤵
        
        PID:9332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
        10⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 236
        9⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 236
        8⤵
        Program crash
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36914.exe
        7⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44539.exe
        8⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6021.exe
        9⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6124.exe
        10⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
        11⤵
        
        PID:11556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7232 -s 216
        11⤵
        
        PID:12004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 236
        10⤵
        
        PID:9240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
        9⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 236
        8⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
        7⤵
        Program crash
        
        PID:3876
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
        6⤵
        Program crash
        
        PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37414.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37737.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28023.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41596.exe
        8⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42800.exe
        9⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60683.exe
        10⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54044.exe
        11⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30541.exe
        12⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12902.exe
        13⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 236
        13⤵
        
        PID:12240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 216
        12⤵
        
        PID:9316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
        11⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
        10⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32732.exe
        9⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52202.exe
        10⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62035.exe
        11⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28082.exe
        12⤵
        
        PID:12060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 216
        12⤵
        
        PID:11712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
        11⤵
        
        PID:9452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 236
        10⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
        9⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54154.exe
        8⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41213.exe
        9⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62060.exe
        10⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62428.exe
        11⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16851.exe
        12⤵
        
        PID:11588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10172 -s 216
        12⤵
        
        PID:13084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 216
        11⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 216
        10⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
        9⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
        8⤵
        Program crash
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21922.exe
        7⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20398.exe
        8⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
        9⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55677.exe
        10⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58749.exe
        11⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43882.exe
        12⤵
        
        PID:10464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9560 -s 216
        12⤵
        
        PID:12904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 216
        11⤵
        
        PID:11144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
        10⤵
        
        PID:7376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
        9⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 236
        8⤵
        Program crash
        
        PID:4236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
        7⤵
        Program crash
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31208.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24876.exe
        7⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8290.exe
        8⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7964.exe
        9⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29580.exe
        10⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12158.exe
        11⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17920.exe
        12⤵
        
        PID:6188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10208 -s 236
        12⤵
        
        PID:13092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 216
        11⤵
        
        PID:11104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
        10⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
        9⤵
        
        PID:5972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 236
        8⤵
        Program crash
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53386.exe
        7⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24493.exe
        8⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27935.exe
        9⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18127.exe
        10⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-649.exe
        11⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9248 -s 236
        11⤵
        
        PID:12960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 236
        10⤵
        
        PID:11112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
        9⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 236
        8⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 240
        7⤵
        Program crash
        
        PID:3716
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 240
        6⤵
        Program crash
        
        PID:1932
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 240
        5⤵
        Program crash
        
        PID:1536
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37862.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37862.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18370.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8463.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21510.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46087.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58399.exe
        9⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40548.exe
        10⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42020.exe
        11⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
        12⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62587.exe
        13⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2505.exe
        14⤵
        
        PID:12784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 220
        13⤵
        
        PID:11408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
        12⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 236
        10⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3962.exe
        9⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40567.exe
        10⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27956.exe
        11⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58482.exe
        12⤵
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52876.exe
        13⤵
        
        PID:12668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10756 -s 216
        13⤵
        
        PID:12708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 216
        12⤵
        
        PID:11300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
        11⤵
        
        PID:9092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
        10⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
        9⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21429.exe
        8⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        9⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24340.exe
        10⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21630.exe
        11⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9504.exe
        12⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63851.exe
        13⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9516 -s 220
        13⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 216
        12⤵
        
        PID:10580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
        11⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 236
        10⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 236
        9⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
        8⤵
        Program crash
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58894.exe
        7⤵
        Executes dropped EXE
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33588.exe
        8⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59635.exe
        9⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60877.exe
        10⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25968.exe
        11⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62673.exe
        12⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9992 -s 216
        12⤵
        
        PID:13176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 216
        11⤵
        
        PID:11192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
        10⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
        9⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 236
        8⤵
        
        PID:4408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 240
        7⤵
        Program crash
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33439.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62916.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41295.exe
        8⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23828.exe
        9⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23956.exe
        10⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9232.exe
        11⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-371.exe
        12⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4359.exe
        13⤵
        
        PID:11924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10448 -s 216
        13⤵
        
        PID:12528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 216
        12⤵
        
        PID:10984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
        11⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
        10⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 236
        9⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
        8⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42020.exe
        9⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59092.exe
        10⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38965.exe
        11⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29529.exe
        12⤵
        
        PID:12432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10628 -s 216
        12⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 220
        11⤵
        
        PID:10324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
        10⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 220
        8⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54486.exe
        7⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39505.exe
        8⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
        9⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42481.exe
        10⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48612.exe
        11⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32134.exe
        12⤵
        
        PID:12520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10524 -s 220
        12⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 216
        11⤵
        
        PID:11000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
        10⤵
        
        PID:8852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
        9⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
        8⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
        7⤵
        Program crash
        
        PID:3112
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
        6⤵
        Program crash
        
        PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21270.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20441.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13414.exe
        7⤵
        Executes dropped EXE
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50117.exe
        8⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24576.exe
        9⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
        10⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9356.exe
        11⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32196.exe
        12⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9640 -s 216
        12⤵
        
        PID:13260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 216
        11⤵
        
        PID:11156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
        10⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 236
        9⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 216
        8⤵
        Program crash
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39026.exe
        7⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6915.exe
        8⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25025.exe
        9⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9616.exe
        10⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
        11⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45019.exe
        12⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10364 -s 216
        12⤵
        
        PID:12360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 220
        11⤵
        
        PID:10836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
        10⤵
        
        PID:8836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
        9⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 216
        8⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
        7⤵
        Program crash
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25727.exe
        7⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5540.exe
        8⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
        9⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21662.exe
        10⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
        11⤵
        
        PID:12184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8388 -s 216
        11⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
        10⤵
        
        PID:9596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
        9⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 236
        8⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 236
        7⤵
        Program crash
        
        PID:3184
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 240
        6⤵
        Program crash
        
        PID:716
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 240
        5⤵
        Program crash
        
        PID:1208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56942.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47856.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2257.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11476.exe
        7⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26553.exe
        8⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24782.exe
        9⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25941.exe
        10⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11797.exe
        11⤵
        
        PID:11616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9152 -s 216
        11⤵
        
        PID:12220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
        10⤵
        
        PID:10044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
        9⤵
        
        PID:7952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
        8⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 236
        7⤵
        Program crash
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55062.exe
        6⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39972.exe
        7⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54241.exe
        8⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10690.exe
        9⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57514.exe
        10⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47598.exe
        11⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9468 -s 216
        11⤵
        
        PID:13168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7184 -s 216
        10⤵
        
        PID:11128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
        9⤵
        
        PID:8568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 236
        8⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 236
        7⤵
        
        PID:4544
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
        6⤵
        Program crash
        
        PID:2132
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 216
        5⤵
        Program crash
        
        PID:2120
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2596
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2816
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23949.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23949.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8719.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8719.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12344.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25760.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18796.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33586.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59691.exe
        8⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54445.exe
        9⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38597.exe
        10⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26956.exe
        11⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39456.exe
        12⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61278.exe
        13⤵
        
        PID:11704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 216
        13⤵
        
        PID:12156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
        12⤵
        
        PID:9264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
        11⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 236
        10⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40734.exe
        9⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4236.exe
        10⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22046.exe
        11⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12674.exe
        12⤵
        
        PID:11784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8320 -s 216
        12⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 216
        11⤵
        
        PID:9588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
        10⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 240
        9⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20931.exe
        8⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27928.exe
        9⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36525.exe
        10⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22129.exe
        11⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-282.exe
        12⤵
        
        PID:12272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8484 -s 216
        12⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 216
        11⤵
        
        PID:9700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
        10⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 216
        9⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 240
        8⤵
        Program crash
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63453.exe
        7⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21773.exe
        8⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60792.exe
        9⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37594.exe
        10⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38382.exe
        11⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26603.exe
        12⤵
        
        PID:12168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8276 -s 216
        12⤵
        
        PID:11848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 216
        11⤵
        
        PID:9572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
        10⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 216
        9⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 236
        8⤵
        Program crash
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45324.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        7⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23885.exe
        8⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27928.exe
        9⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44719.exe
        10⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62995.exe
        11⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51460.exe
        12⤵
        
        PID:11900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 216
        12⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 216
        11⤵
        
        PID:9432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
        10⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 216
        9⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58415.exe
        8⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37241.exe
        9⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25149.exe
        10⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31050.exe
        11⤵
        
        PID:11604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 216
        11⤵
        
        PID:12096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 236
        10⤵
        
        PID:9232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
        8⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20547.exe
        7⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52598.exe
        8⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29919.exe
        9⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31584.exe
        10⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9908.exe
        11⤵
        
        PID:11944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 216
        11⤵
        
        PID:11480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 216
        10⤵
        
        PID:9380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
        9⤵
        
        PID:7100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 236
        8⤵
        
        PID:5696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 240
        7⤵
        Program crash
        
        PID:4004
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
        6⤵
        Program crash
        
        PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48131.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49045.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33734.exe
        7⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
        8⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9339.exe
        9⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9597.exe
        10⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15190.exe
        11⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53624.exe
        12⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8904 -s 236
        12⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
        11⤵
        
        PID:9952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
        10⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 236
        9⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 216
        8⤵
        Program crash
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36774.exe
        7⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28940.exe
        8⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39992.exe
        9⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14000.exe
        10⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45563.exe
        11⤵
        
        PID:11620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9544 -s 216
        11⤵
        
        PID:12400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 216
        10⤵
        
        PID:10588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
        9⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
        8⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
        7⤵
        Program crash
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63069.exe
        6⤵
        
        PID:724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57024.exe
        7⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8955.exe
        8⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25825.exe
        9⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58888.exe
        10⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34102.exe
        11⤵
        
        PID:944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8288 -s 216
        11⤵
        
        PID:11656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 216
        10⤵
        
        PID:10084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 216
        9⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 236
        8⤵
        
        PID:5308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 724 -s 216
        7⤵
        Program crash
        
        PID:3520
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
        6⤵
        Program crash
        
        PID:2640
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
        5⤵
        Program crash
        
        PID:2304
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 216
      4⤵
      Loads dropped DLL
      Program crash
      PID:312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30911.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30911.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35090.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8847.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35049.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44359.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8155.exe
        8⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55701.exe
        9⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26764.exe
        10⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45232.exe
        11⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59685.exe
        12⤵
        
        PID:12088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 216
        12⤵
        
        PID:11724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 216
        11⤵
        
        PID:9420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
        10⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 236
        9⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 216
        8⤵
        Program crash
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54019.exe
        7⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43688.exe
        8⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45679.exe
        9⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37998.exe
        10⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58891.exe
        11⤵
        
        PID:12228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8352 -s 216
        11⤵
        
        PID:11852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 216
        10⤵
        
        PID:9604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
        9⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 236
        8⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 240
        7⤵
        Program crash
        
        PID:3440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64265.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20905.exe
        7⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9417.exe
        8⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24969.exe
        9⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11691.exe
        10⤵
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11017.exe
        11⤵
        
        PID:11952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10144 -s 216
        11⤵
        
        PID:12888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 216
        10⤵
        
        PID:11060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 236
        9⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 236
        8⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 236
        7⤵
        Program crash
        
        PID:3668
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 452 -s 240
        6⤵
        Program crash
        
        PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15183.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35698.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24985.exe
        7⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40496.exe
        8⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57772.exe
        9⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
        10⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8888.exe
        11⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15238.exe
        12⤵
        
        PID:12192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 216
        11⤵
        
        PID:10196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
        10⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
        9⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
        8⤵
        Program crash
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36390.exe
        7⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58841.exe
        8⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43396.exe
        9⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50959.exe
        10⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38436.exe
        10⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46658.exe
        11⤵
        
        PID:11372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9440 -s 216
        11⤵
        
        PID:12380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6240 -s 240
        10⤵
        
        PID:10436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
        9⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
        8⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 240
        7⤵
        Program crash
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37215.exe
        6⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39427.exe
        7⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44072.exe
        8⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11086.exe
        9⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45507.exe
        10⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12513.exe
        11⤵
        
        PID:12032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 216
        11⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 216
        10⤵
        
        PID:9472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
        9⤵
        
        PID:3088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 236
        8⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7294.exe
        7⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9628.exe
        8⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38190.exe
        9⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30578.exe
        10⤵
        
        PID:12132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8232 -s 216
        10⤵
        
        PID:11808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 216
        9⤵
        
        PID:9580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
        8⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
        7⤵
        
        PID:5752
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
        6⤵
        Program crash
        
        PID:644
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
        5⤵
        Program crash
        
        PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21654.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51385.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2257.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25068.exe
        7⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37554.exe
        8⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54900.exe
        9⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12994.exe
        10⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17808.exe
        11⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33924.exe
        12⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10060 -s 216
        12⤵
        
        PID:13304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 216
        11⤵
        
        PID:10316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
        10⤵
        
        PID:8648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
        9⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 216
        8⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
        7⤵
        Program crash
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe
        6⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8067.exe
        7⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40292.exe
        8⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28449.exe
        9⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
        10⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
        11⤵
        
        PID:12336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10480 -s 216
        11⤵
        
        PID:12488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 216
        10⤵
        
        PID:11036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
        9⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 236
        8⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 236
        7⤵
        
        PID:4920
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
        6⤵
        Program crash
        
        PID:820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15448.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57164.exe
        6⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61207.exe
        7⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29623.exe
        8⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59559.exe
        9⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44139.exe
        10⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17363.exe
        11⤵
        
        PID:12844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8088 -s 220
        10⤵
        
        PID:11384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 220
        9⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
        8⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 236
        7⤵
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41149.exe
        6⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21429.exe
        7⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61479.exe
        8⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48140.exe
        9⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16590.exe
        10⤵
        
        PID:13060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 220
        9⤵
        
        PID:11636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
        8⤵
        
        PID:8340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
        7⤵
        
        PID:6864
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
        6⤵
        
        PID:4888
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
        5⤵
        Program crash
        
        PID:1820
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
      4⤵
      Program crash
      PID:1736
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:296
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
  2⤵
  - Program crash
  PID:2568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-23949.exe

Filesize
184KB

MD5
8408c9ac2be0e350a92a25a3f7b0cad3

SHA1
d6bb681454169374c5f07cbcd550ee713845cfeb

SHA256
b2dc9634375425d3f72a00f2e7aa1950543080c9191ee97c213eaf19437c34b8

SHA512
79fe319d9b7f81fcef3ff1525e3bd64e590df1be7e00eda87d3f42f5857ed6c91a0a0aa6c08a4461511a02c0a46c5f58fc27143d44dc41b8d4278eb2761732ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30911.exe

Filesize
184KB

MD5
d9465b9ee3f46fd602655b4b349a1ee1

SHA1
5219fe86b1c5a7203bc3593ce3c1f39ac8034c15

SHA256
8188a098d2d2ace6ab867ecece4f278b9180b55d6a2a8c01cc6b7c4ff40a3cff

SHA512
fdba841d90ad8f4a8b6196e7981beeddb40d3c053cc0072eff23a13cd6108877ac945f5f73ea7b44cfc036780c7ba55b594b44a1ded92b698e569b032a0a66c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40734.exe

Filesize
184KB

MD5
51d165c5f8b29c19857a5112ea589aa9

SHA1
0d6722c3b5529783e91a5e5b5d1032ef13ad7260

SHA256
87875476d8acf682d185eb9c27b10e1fc021b8d10f527a2c0dbeb6f31b3421e0

SHA512
1be4e7696542bfd5d38ff9f820ae4b4788a935f4ae8d31e43e7a19744b3c2a9db67fdb089520ed647f7979d86b793924fc80366dd901ac5bbfe7534d9488edaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43815.exe

Filesize
184KB

MD5
39bb37dc80eeb4a3342bc079b2cd4c38

SHA1
0bb23c4b75683f1237b823cd2bdbb48d3ae008bf

SHA256
87f74226261e3840b1e25ff9ba770965cb47243c9a9a645af940362dd7175489

SHA512
6fe53ee49113241c2cf3417a68bda562cffa40815d1e14364139d936d2d796fdae9e653b800cb3f1a59e8501fb5b8ab49259de09da92b46eac4a5dccabf96d77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe

Filesize
184KB

MD5
6b2f52240d44a44b15337c84d9d57de7

SHA1
b8057c6f6f977faa512ef34bafa170c58fbd19b6

SHA256
9fe59a22e1ebe8591086597026086fbae0f7c3a4b038289348f8eeaa7623e1a5

SHA512
8acd4d90c1f3276afe3b90b55af75c5137f045550718cf12fdbb62f6ac4364f6b4a0e2d61d21ebbabe56a5645598ba558024e30a3a26c54ca0f70fd03f9c9ea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe

Filesize
184KB

MD5
173abe5749aa0f50b7845ee54908dbd8

SHA1
fdcbeae115fb7761c0bb169c41804f96c5d4d3c9

SHA256
9896c82b0edd77552e1c1ecdaff040768ddac989366f36616938d150cf462c84

SHA512
65aa4971044fdd376e73fc50afe7caa10ab1623f873801cb51afce088a2d0dd4af4d5414c5ea39117a2d92857bc6f352a0cd49977a7c3397b24ea16aa42611b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5540.exe

Filesize
184KB

MD5
13a10ec76923f29f42707205e049361a

SHA1
6fe6886f86e2b9d1c03ba6029a2d69afd45ebfcd

SHA256
4c351168ba9c3835541df5d681b91e7197bbfed2eccffbf89c477e9f2055dc0c

SHA512
27b6ee48a592eb5e266bb8320e55e1ac3da074e73a9eda20ace879f6fee54afd073b654bab6ca82c5e97ab07ff435c63161895221b8076c972ab2d4905820c1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5616.exe

Filesize
184KB

MD5
582ee29ed687622772ef08e890545a8b

SHA1
8b451dfc2834d98e00e96fe810362388f2f75a8e

SHA256
6f12e9d628f91d254fef71b10268b13bbc824a61161af3b1bb722b41ac0d4bc4

SHA512
4b26c06fcc6dbb83f2e32c78431706d9675d6a41d618b82cf35dd98dcca792407a28e03caabc10534ab4a243a7f3ed57e241525b5a7b9ddc5e19350a1f332ad8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57728.exe

Filesize
184KB

MD5
f4a89f5389b9685498165997aed956ee

SHA1
20b58f3d195e187d7f925cd031003ef5d737c26a

SHA256
fc8a6d7208f3807386d76485f1d45e8c4fb504532340bbbf94df8386b1f3700b

SHA512
4f519387abd5f79d5908190af1cc859283bf48f629398c1e7eedd6f922723e86ba8c87dccc24453e1029216751d8d05f173bf2a442c5813526d6df398a593b6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6021.exe

Filesize
184KB

MD5
ac607316c8bfee49a87991de0e439c7f

SHA1
cdf5be05912d31f0cfc359e0d22c6d3cad62286e

SHA256
439bec6f55ad82dd15f8be7b9aaeebb5b5d1d802b1a893747a9de04dcd99fae9

SHA512
3715d86ffa8167310e41fb9f50df1e757d2e0b5db81343e2f57a05928ac01725b5347643d87ad813020bbdcbad0eb8333594f3774d57f1a26dbaa70c29d0e623

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8869.exe

Filesize
184KB

MD5
ae81f135a9d135a6b77705045c05560d

SHA1
e07206e68c44be736aab27255604841be7ddbf39

SHA256
f58f1e021ce1929783e3de247ba18d6251a6542ca5c117bc8100c636698eca88

SHA512
6e769eecc2691a269f2f0f5a2156fc56c65b63ad480abd3f4b275d4aebcc353f378062cd7e32ed3ea7e3ad8e6d8b8a10051e42df4ffb0476cad5d2c23ea8bf8a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11078.exe

Filesize
184KB

MD5
75be6fd573d0e4df5958445324599e66

SHA1
6b8d6b5bd2b454d5ad82f0973a31a4b6ddc518e8

SHA256
07b135f9e63e29710f71394ea82f1a18ef40625dd87cd2b0575186145abe2829

SHA512
082a8f514a0c153d6dc82e60b9225e357a9f0f565bffc670c845afd9cceb51126fa9bac9af16b2f83bc2a0051aa71163e13d07c65f4f433adbf943cc5b0edea0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12344.exe

Filesize
184KB

MD5
997d2c1641a74679f2ef39158d37ea68

SHA1
f7ba8789911e71e60862231334ea2c669f55aaae

SHA256
72264a212b34282b1e54cb0107445bfe72d3fe64e927bdce1396ddf5e0fd5cb7

SHA512
162bfe2367e26db5d4745df1aec85ec6d1066526fa47f017a5f25022a7f90198a1770b53e2cd24a0c142befe4432a77f1bf06fcbc99c1854d1a9da8078e59ce3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18489.exe

Filesize
184KB

MD5
9575edac90c58d8a88749b80c7d25b24

SHA1
5a08b4620fa29a6177ff80dacc72a9a09eb944fa

SHA256
680f9036821783213423bda98aaece9184396330c4e5e832c0a07ef8719d7a6e

SHA512
0e37bf97088f0e08dcf594849867cb67f3ad0796fba50e085ae958dd3f0a74a941d8c4e9f7a41e14e33fd372dcd930904b41d226dd26aacddf69dc5409ec14c0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35090.exe

Filesize
184KB

MD5
2f48d854d55d905b66d0b44f3aac533f

SHA1
68085b89c0df31144d14868289c10fa0d4209770

SHA256
e58bb99e202b9b222876dc829022e14c61c16a08ad09616dfd12bf76ff0e59da

SHA512
7408b7f7f38e048772cd78405533013e558ea64e05925ff5ccfea0b04e81413234cd6a81dc775b9daf90ab2dcc949cb3b54e863e299f653890c943ee913e2bf6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37862.exe

Filesize
184KB

MD5
704b61c7dd236702ac367bc157e2b6fc

SHA1
f087eda3f2e99dcffcbb91b5618d9ad0d61d6413

SHA256
b89711807384ee7676c3dc13b3eb0f36cf1aab5fcdd3d91f19b37de424569b2c

SHA512
0378205be2d3a9976dd2c137dcfc2dfd93eb564f738338c7f89304defccc89244cba4412c49d239058c4f6ab2e92be9e9416c18eb969dcf720822cd767e70f95

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47248.exe

Filesize
184KB

MD5
0c0447e5c8b536003933dd8a1a076b5e

SHA1
2f9102bd95579e8f9dc710c7bf2692a38df045f8

SHA256
56249d49fdd93cd46e79c664865af34f1985d29a887ab690fd410538e767f15d

SHA512
c73f4ac6133014fb1f83981a354d3eb3b381edaceb86e7b3277493f6044dd6c93ab12cd6e38a2d87244991f9522c53a2b211c25b554d4964b1db9afce13b6dcb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8719.exe

Filesize
184KB

MD5
d1e44354dd01eff836f04c21bc4181b5

SHA1
c24a262d1651d01a70e79a4371fb318a76f2c1aa

SHA256
882f818111afab9c7a83f8317f8623bdde7362f84b3766f719d9b835a2516858

SHA512
c7b2434f2f1d8918213546b0a83e4ac662bd5a73d5a7f486111c1fdbb823d9cff3de69efc3c2e2df5150ba1eb6e08facc8c50fe72850307d2b797a0e413a6c52

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads