84eb759d07956db719543f2c49b47f9ec8bff0c6f96b974a56512f5aca6e196e

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 00:10 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

84eb759d07956db719543f2c49b47f9ec8bff0c6f96b974a56512f5aca6e196e.exe
Size

184KB
MD5

0551c956330d550789d0b8b1c372481a
SHA1

a3178f4148bda0654e637aec8da5e511ffb3cc71
SHA256

84eb759d07956db719543f2c49b47f9ec8bff0c6f96b974a56512f5aca6e196e
SHA512

79608b12919d40c7973d4bddd59524e443038f4201fdd498f0e6d41e92dd4ed53433fac682a5c3825f0d7ad06ace11d5986f445d57566066317a3c696f602c83
SSDEEP

3072:COJ3uxoCthOjdFmWe0hTR+sYhlneQF7n3:COWoZZFm+TEsYhlneQF7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2584	Unicorn-65309.exe
2556	Unicorn-28823.exe
2408	Unicorn-14476.exe
2448	Unicorn-33321.exe
2588	Unicorn-51582.exe
2740	Unicorn-51812.exe
2724	Unicorn-57821.exe
1584	Unicorn-22866.exe
2296	Unicorn-25353.exe
336	Unicorn-16203.exe
540	Unicorn-10386.exe
1996	Unicorn-36069.exe
880	Unicorn-56058.exe
2072	Unicorn-9015.exe
1740	Unicorn-27800.exe
544	Unicorn-2871.exe
2360	Unicorn-11563.exe
1104	Unicorn-21656.exe
2816	Unicorn-41522.exe
2100	Unicorn-44070.exe
1448	Unicorn-20608.exe
616	Unicorn-58321.exe
2896	Unicorn-11237.exe
2340	Unicorn-13526.exe
2872	Unicorn-21363.exe
1668	Unicorn-60013.exe
2080	Unicorn-60890.exe
1500	Unicorn-56417.exe
1512	Unicorn-12670.exe
2540	Unicorn-54746.exe
2272	Unicorn-9074.exe
3020	Unicorn-9074.exe
2688	Unicorn-35503.exe
1428	Unicorn-19989.exe
2420	Unicorn-123.exe
2520	Unicorn-64259.exe
2756	Unicorn-27009.exe
1524	Unicorn-46875.exe
2748	Unicorn-22537.exe
1432	Unicorn-5219.exe
1516	Unicorn-1623.exe
276	Unicorn-40731.exe
840	Unicorn-16393.exe
1724	Unicorn-58468.exe
2024	Unicorn-12796.exe
1108	Unicorn-27653.exe
1920	Unicorn-47519.exe
584	Unicorn-20633.exe
908	Unicorn-22365.exe
1764	Unicorn-42231.exe
3056	Unicorn-23181.exe
2128	Unicorn-3315.exe
572	Unicorn-64162.exe
892	Unicorn-38152.exe
2680	Unicorn-50720.exe
2812	Unicorn-11057.exe
2760	Unicorn-65421.exe
2396	Unicorn-21250.exe
2604	Unicorn-47124.exe
2204	Unicorn-35950.exe
1172	Unicorn-12557.exe
2152	Unicorn-12557.exe
2200	Unicorn-12557.exe
2196	Unicorn-38432.exe

Loads dropped DLL 64 IoCs

pid	Process
2700	84eb759d07956db719543f2c49b47f9ec8bff0c6f96b974a56512f5aca6e196e.exe
2700	84eb759d07956db719543f2c49b47f9ec8bff0c6f96b974a56512f5aca6e196e.exe
2700	84eb759d07956db719543f2c49b47f9ec8bff0c6f96b974a56512f5aca6e196e.exe
2700	84eb759d07956db719543f2c49b47f9ec8bff0c6f96b974a56512f5aca6e196e.exe
2556	Unicorn-28823.exe
2556	Unicorn-28823.exe
2408	Unicorn-14476.exe
2556	Unicorn-28823.exe
2408	Unicorn-14476.exe
2556	Unicorn-28823.exe
2880	WerFault.exe
2880	WerFault.exe
2880	WerFault.exe
2880	WerFault.exe
2880	WerFault.exe
1604	WerFault.exe
1604	WerFault.exe
1604	WerFault.exe
1604	WerFault.exe
1604	WerFault.exe
2448	Unicorn-33321.exe
2448	Unicorn-33321.exe
2408	Unicorn-14476.exe
2408	Unicorn-14476.exe
2588	Unicorn-51582.exe
2588	Unicorn-51582.exe
548	WerFault.exe
548	WerFault.exe
548	WerFault.exe
548	WerFault.exe
548	WerFault.exe
2740	Unicorn-51812.exe
2740	Unicorn-51812.exe
2724	Unicorn-57821.exe
2588	Unicorn-51582.exe
2724	Unicorn-57821.exe
2448	Unicorn-33321.exe
2588	Unicorn-51582.exe
2448	Unicorn-33321.exe
1584	Unicorn-22866.exe
1584	Unicorn-22866.exe
1372	WerFault.exe
1372	WerFault.exe
1372	WerFault.exe
1372	WerFault.exe
1372	WerFault.exe
2780	WerFault.exe
2780	WerFault.exe
2780	WerFault.exe
2780	WerFault.exe
2780	WerFault.exe
2296	Unicorn-25353.exe
2296	Unicorn-25353.exe
2740	Unicorn-51812.exe
2740	Unicorn-51812.exe
336	Unicorn-16203.exe
336	Unicorn-16203.exe
1996	Unicorn-36069.exe
1996	Unicorn-36069.exe
1584	Unicorn-22866.exe
880	Unicorn-56058.exe
1584	Unicorn-22866.exe
880	Unicorn-56058.exe
540	Unicorn-10386.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2808	2700	WerFault.exe	27
2880	2584	WerFault.exe	28
1604	2556	WerFault.exe	29
548	2408	WerFault.exe	31
1372	2448	WerFault.exe	32
2780	2588	WerFault.exe	33
2916	2740	WerFault.exe	36
2060	2724	WerFault.exe	37
1016	1584	WerFault.exe	38
2436	2296	WerFault.exe	40
2516	336	WerFault.exe	42
2924	880	WerFault.exe	43
2876	1996	WerFault.exe	44
2468	540	WerFault.exe	41
2184	2520	WerFault.exe	76
1312	2072	WerFault.exe	47
3060	1740	WerFault.exe	48
1876	2360	WerFault.exe	50
2908	544	WerFault.exe	49
2096	1104	WerFault.exe	51
2336	2816	WerFault.exe	52
2228	2100	WerFault.exe	53
1376	1448	WerFault.exe	54
3012	616	WerFault.exe	58
2644	2340	WerFault.exe	60
2476	2872	WerFault.exe	61
332	1668	WerFault.exe	62
2656	2080	WerFault.exe	63
3048	1500	WerFault.exe	64
2984	1512	WerFault.exe	65
1056	3020	WerFault.exe	68
384	2272	WerFault.exe	67
2252	2540	WerFault.exe	66
1692	1428	WerFault.exe	72
1008	2420	WerFault.exe	73
3308	1432	WerFault.exe	82
3316	840	WerFault.exe	85
3356	2756	WerFault.exe	78
3372	1524	WerFault.exe	79
3396	1516	WerFault.exe	84
3404	1108	WerFault.exe	88
3388	584	WerFault.exe	90
3412	1920	WerFault.exe	89
3452	276	WerFault.exe	83
3468	3056	WerFault.exe	93
3476	908	WerFault.exe	91
3540	1764	WerFault.exe	92
3548	2024	WerFault.exe	87
3660	1724	WerFault.exe	86
3940	2896	WerFault.exe	59
4060	2128	WerFault.exe	94
3232	2748	WerFault.exe	81
3984	572	WerFault.exe	99
4020	892	WerFault.exe	100
3500	2812	WerFault.exe	106
3712	2680	WerFault.exe	105
3768	2196	WerFault.exe	114
3884	2760	WerFault.exe	107
3980	1900	WerFault.exe	122
3644	2256	WerFault.exe	119
3656	1084	WerFault.exe	125
4116	2396	WerFault.exe	108
4132	2604	WerFault.exe	109
4572	2216	WerFault.exe	135

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2700	84eb759d07956db719543f2c49b47f9ec8bff0c6f96b974a56512f5aca6e196e.exe
2584	Unicorn-65309.exe
2556	Unicorn-28823.exe
2408	Unicorn-14476.exe
2448	Unicorn-33321.exe
2588	Unicorn-51582.exe
2740	Unicorn-51812.exe
2724	Unicorn-57821.exe
1584	Unicorn-22866.exe
2296	Unicorn-25353.exe
336	Unicorn-16203.exe
880	Unicorn-56058.exe
540	Unicorn-10386.exe
1996	Unicorn-36069.exe
2072	Unicorn-9015.exe
1740	Unicorn-27800.exe
544	Unicorn-2871.exe
2360	Unicorn-11563.exe
1104	Unicorn-21656.exe
2100	Unicorn-44070.exe
2816	Unicorn-41522.exe
1448	Unicorn-20608.exe
616	Unicorn-58321.exe
2896	Unicorn-11237.exe
2340	Unicorn-13526.exe
2872	Unicorn-21363.exe
1668	Unicorn-60013.exe
2080	Unicorn-60890.exe
1500	Unicorn-56417.exe
1512	Unicorn-12670.exe
2272	Unicorn-9074.exe
2540	Unicorn-54746.exe
3020	Unicorn-9074.exe
1428	Unicorn-19989.exe
2420	Unicorn-123.exe
2520	Unicorn-64259.exe
2756	Unicorn-27009.exe
1524	Unicorn-46875.exe
2748	Unicorn-22537.exe
1432	Unicorn-5219.exe
1516	Unicorn-1623.exe
276	Unicorn-40731.exe
840	Unicorn-16393.exe
1724	Unicorn-58468.exe
2024	Unicorn-12796.exe
1108	Unicorn-27653.exe
1920	Unicorn-47519.exe
584	Unicorn-20633.exe
1764	Unicorn-42231.exe
908	Unicorn-22365.exe
2128	Unicorn-3315.exe
3056	Unicorn-23181.exe
572	Unicorn-64162.exe
892	Unicorn-38152.exe
2680	Unicorn-50720.exe
2812	Unicorn-11057.exe
2760	Unicorn-65421.exe
2396	Unicorn-21250.exe
2604	Unicorn-47124.exe
2204	Unicorn-35950.exe
2152	Unicorn-12557.exe
2196	Unicorn-38432.exe
1172	Unicorn-12557.exe
1552	Unicorn-60777.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 2584	2700	84eb759d07956db719543f2c49b47f9ec8bff0c6f96b974a56512f5aca6e196e.exe	28
PID 2700 wrote to memory of 2584	2700	84eb759d07956db719543f2c49b47f9ec8bff0c6f96b974a56512f5aca6e196e.exe	28
PID 2700 wrote to memory of 2584	2700	84eb759d07956db719543f2c49b47f9ec8bff0c6f96b974a56512f5aca6e196e.exe	28
PID 2700 wrote to memory of 2584	2700	84eb759d07956db719543f2c49b47f9ec8bff0c6f96b974a56512f5aca6e196e.exe	28
PID 2700 wrote to memory of 2556	2700	84eb759d07956db719543f2c49b47f9ec8bff0c6f96b974a56512f5aca6e196e.exe	29
PID 2700 wrote to memory of 2556	2700	84eb759d07956db719543f2c49b47f9ec8bff0c6f96b974a56512f5aca6e196e.exe	29
PID 2700 wrote to memory of 2556	2700	84eb759d07956db719543f2c49b47f9ec8bff0c6f96b974a56512f5aca6e196e.exe	29
PID 2700 wrote to memory of 2556	2700	84eb759d07956db719543f2c49b47f9ec8bff0c6f96b974a56512f5aca6e196e.exe	29
PID 2700 wrote to memory of 2808	2700	84eb759d07956db719543f2c49b47f9ec8bff0c6f96b974a56512f5aca6e196e.exe	30
PID 2700 wrote to memory of 2808	2700	84eb759d07956db719543f2c49b47f9ec8bff0c6f96b974a56512f5aca6e196e.exe	30
PID 2700 wrote to memory of 2808	2700	84eb759d07956db719543f2c49b47f9ec8bff0c6f96b974a56512f5aca6e196e.exe	30
PID 2700 wrote to memory of 2808	2700	84eb759d07956db719543f2c49b47f9ec8bff0c6f96b974a56512f5aca6e196e.exe	30
PID 2556 wrote to memory of 2408	2556	Unicorn-28823.exe	31
PID 2556 wrote to memory of 2408	2556	Unicorn-28823.exe	31
PID 2556 wrote to memory of 2408	2556	Unicorn-28823.exe	31
PID 2556 wrote to memory of 2408	2556	Unicorn-28823.exe	31
PID 2408 wrote to memory of 2448	2408	Unicorn-14476.exe	32
PID 2408 wrote to memory of 2448	2408	Unicorn-14476.exe	32
PID 2408 wrote to memory of 2448	2408	Unicorn-14476.exe	32
PID 2408 wrote to memory of 2448	2408	Unicorn-14476.exe	32
PID 2556 wrote to memory of 2588	2556	Unicorn-28823.exe	33
PID 2556 wrote to memory of 2588	2556	Unicorn-28823.exe	33
PID 2556 wrote to memory of 2588	2556	Unicorn-28823.exe	33
PID 2556 wrote to memory of 2588	2556	Unicorn-28823.exe	33
PID 2584 wrote to memory of 2880	2584	Unicorn-65309.exe	34
PID 2584 wrote to memory of 2880	2584	Unicorn-65309.exe	34
PID 2584 wrote to memory of 2880	2584	Unicorn-65309.exe	34
PID 2584 wrote to memory of 2880	2584	Unicorn-65309.exe	34
PID 2556 wrote to memory of 1604	2556	Unicorn-28823.exe	35
PID 2556 wrote to memory of 1604	2556	Unicorn-28823.exe	35
PID 2556 wrote to memory of 1604	2556	Unicorn-28823.exe	35
PID 2556 wrote to memory of 1604	2556	Unicorn-28823.exe	35
PID 2448 wrote to memory of 2740	2448	Unicorn-33321.exe	36
PID 2448 wrote to memory of 2740	2448	Unicorn-33321.exe	36
PID 2448 wrote to memory of 2740	2448	Unicorn-33321.exe	36
PID 2448 wrote to memory of 2740	2448	Unicorn-33321.exe	36
PID 2408 wrote to memory of 2724	2408	Unicorn-14476.exe	37
PID 2408 wrote to memory of 2724	2408	Unicorn-14476.exe	37
PID 2408 wrote to memory of 2724	2408	Unicorn-14476.exe	37
PID 2408 wrote to memory of 2724	2408	Unicorn-14476.exe	37
PID 2588 wrote to memory of 1584	2588	Unicorn-51582.exe	38
PID 2588 wrote to memory of 1584	2588	Unicorn-51582.exe	38
PID 2588 wrote to memory of 1584	2588	Unicorn-51582.exe	38
PID 2588 wrote to memory of 1584	2588	Unicorn-51582.exe	38
PID 2408 wrote to memory of 548	2408	Unicorn-14476.exe	39
PID 2408 wrote to memory of 548	2408	Unicorn-14476.exe	39
PID 2408 wrote to memory of 548	2408	Unicorn-14476.exe	39
PID 2408 wrote to memory of 548	2408	Unicorn-14476.exe	39
PID 2740 wrote to memory of 2296	2740	Unicorn-51812.exe	40
PID 2740 wrote to memory of 2296	2740	Unicorn-51812.exe	40
PID 2740 wrote to memory of 2296	2740	Unicorn-51812.exe	40
PID 2740 wrote to memory of 2296	2740	Unicorn-51812.exe	40
PID 2724 wrote to memory of 540	2724	Unicorn-57821.exe	41
PID 2724 wrote to memory of 540	2724	Unicorn-57821.exe	41
PID 2724 wrote to memory of 540	2724	Unicorn-57821.exe	41
PID 2724 wrote to memory of 540	2724	Unicorn-57821.exe	41
PID 2588 wrote to memory of 336	2588	Unicorn-51582.exe	42
PID 2588 wrote to memory of 336	2588	Unicorn-51582.exe	42
PID 2588 wrote to memory of 336	2588	Unicorn-51582.exe	42
PID 2588 wrote to memory of 336	2588	Unicorn-51582.exe	42
PID 2448 wrote to memory of 880	2448	Unicorn-33321.exe	43
PID 2448 wrote to memory of 880	2448	Unicorn-33321.exe	43
PID 2448 wrote to memory of 880	2448	Unicorn-33321.exe	43
PID 2448 wrote to memory of 880	2448	Unicorn-33321.exe	43

C:\Users\Admin\AppData\Local\Temp\84eb759d07956db719543f2c49b47f9ec8bff0c6f96b974a56512f5aca6e196e.exe
"C:\Users\Admin\AppData\Local\Temp\84eb759d07956db719543f2c49b47f9ec8bff0c6f96b974a56512f5aca6e196e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65309.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65309.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2584
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2880
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28823.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28823.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14476.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14476.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33321.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51812.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25353.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9015.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58321.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64162.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42991.exe
        11⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-875.exe
        12⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43482.exe
        13⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        14⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15043.exe
        15⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2637.exe
        16⤵
        
        PID:12900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9960 -s 216
        16⤵
        
        PID:12776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 216
        15⤵
        
        PID:11072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
        14⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 236
        13⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47034.exe
        12⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16682.exe
        13⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19067.exe
        14⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27953.exe
        15⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17818.exe
        16⤵
        
        PID:12976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 216
        15⤵
        
        PID:10972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 220
        14⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
        13⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
        12⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        11⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61279.exe
        12⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63252.exe
        13⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46191.exe
        14⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42890.exe
        15⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45929.exe
        16⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 216
        15⤵
        
        PID:11612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
        14⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 236
        13⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
        12⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 240
        11⤵
        Program crash
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65336.exe
        10⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33382.exe
        11⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52392.exe
        12⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19693.exe
        13⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15883.exe
        14⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41280.exe
        15⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34225.exe
        16⤵
        
        PID:13200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
        15⤵
        
        PID:12208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
        14⤵
        
        PID:9392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
        13⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 236
        12⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 236
        11⤵
        Program crash
        
        PID:4572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 240
        10⤵
        Program crash
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38152.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54231.exe
        10⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39002.exe
        11⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61279.exe
        12⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59831.exe
        13⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47095.exe
        14⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61391.exe
        15⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32701.exe
        16⤵
        
        PID:13068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10580 -s 236
        16⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7956 -s 216
        15⤵
        
        PID:12000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 216
        14⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
        13⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
        12⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63012.exe
        11⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29779.exe
        12⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49747.exe
        13⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49531.exe
        14⤵
        
        PID:11224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 204
        14⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 220
        13⤵
        
        PID:9500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
        12⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 240
        11⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57263.exe
        10⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61279.exe
        11⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39399.exe
        12⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2263.exe
        13⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7901.exe
        14⤵
        
        PID:11768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14616.exe
        15⤵
        
        PID:13208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 220
        14⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
        13⤵
        
        PID:9744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 236
        12⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 236
        11⤵
        
        PID:5684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 240
        10⤵
        Program crash
        
        PID:4020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 240
        9⤵
        Program crash
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-123.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37738.exe
        9⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46713.exe
        10⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43082.exe
        11⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48878.exe
        12⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45430.exe
        13⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52630.exe
        14⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40785.exe
        15⤵
        
        PID:12660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8000 -s 216
        14⤵
        
        PID:11448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
        13⤵
        
        PID:9044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
        12⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 236
        11⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23740.exe
        10⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
        11⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16552.exe
        12⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62247.exe
        13⤵
        
        PID:11340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 216
        13⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 216
        12⤵
        
        PID:9652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
        11⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 220
        10⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 236
        9⤵
        Program crash
        
        PID:1008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
        8⤵
        Program crash
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11237.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64259.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 188
        9⤵
        Program crash
        
        PID:2184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 236
        8⤵
        Program crash
        
        PID:3940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
        7⤵
        Program crash
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27800.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13526.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46875.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12557.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53694.exe
        10⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14596.exe
        11⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41498.exe
        12⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62266.exe
        13⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
        14⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9128.exe
        15⤵
        
        PID:13080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 216
        14⤵
        
        PID:11484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
        13⤵
        
        PID:8900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
        12⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 216
        11⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10901.exe
        10⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57831.exe
        11⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51223.exe
        12⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62573.exe
        13⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62158.exe
        14⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 220
        13⤵
        
        PID:11796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 220
        12⤵
        
        PID:9476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
        11⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
        10⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2858.exe
        9⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43606.exe
        10⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45543.exe
        11⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5905.exe
        12⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4752.exe
        13⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12385.exe
        14⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 216
        13⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
        12⤵
        
        PID:9284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
        11⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 236
        10⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
        9⤵
        Program crash
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60777.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48598.exe
        9⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2832.exe
        10⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7479.exe
        11⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23152.exe
        12⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63379.exe
        13⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57057.exe
        14⤵
        
        PID:13032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 216
        13⤵
        
        PID:11696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 216
        12⤵
        
        PID:8956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
        11⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 236
        10⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4757.exe
        9⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10537.exe
        10⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53574.exe
        11⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7840 -s 220
        12⤵
        
        PID:10768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
        11⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
        10⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 220
        9⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
        8⤵
        Program crash
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27009.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21250.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4147.exe
        9⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16116.exe
        10⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6234.exe
        11⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11406.exe
        12⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4253.exe
        13⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46647.exe
        14⤵
        
        PID:13240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7236 -s 216
        13⤵
        
        PID:10628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 236
        12⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 236
        11⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 236
        10⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-635.exe
        9⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2758.exe
        10⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29137.exe
        11⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19813.exe
        12⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20675.exe
        13⤵
        
        PID:13096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10324 -s 236
        13⤵
        
        PID:13228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 236
        12⤵
        
        PID:11144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
        11⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 236
        10⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
        9⤵
        Program crash
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46223.exe
        8⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48622.exe
        9⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31061.exe
        10⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47473.exe
        11⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20128.exe
        12⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40091.exe
        13⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 216
        12⤵
        
        PID:10668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 236
        11⤵
        
        PID:8508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
        10⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 680 -s 236
        9⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 220
        8⤵
        Program crash
        
        PID:3356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
        7⤵
        Program crash
        
        PID:3060
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
        6⤵
        Program crash
        
        PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41522.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12670.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47519.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12557.exe
        9⤵
        Executes dropped EXE
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58146.exe
        10⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59963.exe
        11⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4393.exe
        12⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54681.exe
        13⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35352.exe
        14⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40144.exe
        15⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 216
        14⤵
        
        PID:11916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 216
        13⤵
        
        PID:8468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
        12⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 236
        11⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44483.exe
        10⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18520.exe
        11⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48320.exe
        12⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1688.exe
        13⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25124.exe
        14⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 216
        13⤵
        
        PID:12240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
        12⤵
        
        PID:9572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
        11⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
        10⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39972.exe
        9⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24099.exe
        10⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65451.exe
        11⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54681.exe
        12⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61391.exe
        13⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57024.exe
        14⤵
        
        PID:8980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 216
        13⤵
        
        PID:12008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
        12⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
        11⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 216
        10⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 220
        9⤵
        Program crash
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52256.exe
        8⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51146.exe
        9⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-479.exe
        10⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24689.exe
        11⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23209.exe
        12⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22323.exe
        13⤵
        
        PID:12216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8584 -s 236
        13⤵
        
        PID:12504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 216
        12⤵
        
        PID:10036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
        11⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 216
        10⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 216
        9⤵
        Program crash
        
        PID:3644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 240
        8⤵
        Program crash
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27653.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12557.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57290.exe
        9⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52392.exe
        10⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        11⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16931.exe
        12⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8110.exe
        13⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2717.exe
        14⤵
        
        PID:12704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 204
        13⤵
        
        PID:11816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
        12⤵
        
        PID:9316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 236
        11⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 216
        10⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47034.exe
        9⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-438.exe
        10⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62825.exe
        11⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42890.exe
        12⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25039.exe
        13⤵
        
        PID:13064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 216
        12⤵
        
        PID:11596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 216
        11⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
        10⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 240
        9⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6454.exe
        8⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14596.exe
        9⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29922.exe
        10⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51899.exe
        11⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63379.exe
        12⤵
        
        PID:11136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 216
        12⤵
        
        PID:10716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
        11⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 236
        10⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 236
        9⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 220
        8⤵
        Program crash
        
        PID:3404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
        7⤵
        Program crash
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54746.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23181.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6584.exe
        8⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21676.exe
        9⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32463.exe
        10⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39923.exe
        11⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47058.exe
        12⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53242.exe
        13⤵
        
        PID:11472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        14⤵
        
        PID:7796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8088 -s 216
        13⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
        12⤵
        
        PID:9672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
        11⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
        10⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
        9⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38386.exe
        10⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63143.exe
        11⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53097.exe
        12⤵
        
        PID:11952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8484 -s 216
        12⤵
        
        PID:12460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
        11⤵
        
        PID:9992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
        10⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
        9⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59703.exe
        8⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43482.exe
        9⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39659.exe
        10⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65260.exe
        11⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17231.exe
        12⤵
        
        PID:12788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 216
        12⤵
        
        PID:8428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6556 -s 216
        11⤵
        
        PID:10516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 216
        10⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 216
        9⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
        8⤵
        Program crash
        
        PID:3468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
        7⤵
        Program crash
        
        PID:2252
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 240
        6⤵
        Program crash
        
        PID:2924
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57821.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10386.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44070.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9074.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65480.exe
        9⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6805.exe
        10⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13495.exe
        11⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19397.exe
        12⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9382.exe
        13⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33947.exe
        14⤵
        
        PID:12636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 236
        13⤵
        
        PID:10344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 216
        12⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
        11⤵
        
        PID:6240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 236
        10⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 236
        9⤵
        Program crash
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23662.exe
        8⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59242.exe
        9⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52296.exe
        10⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40094.exe
        11⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41358.exe
        12⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12385.exe
        13⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 216
        12⤵
        
        PID:10680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
        11⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 216
        10⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 216
        9⤵
        
        PID:4696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
        8⤵
        Program crash
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3315.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31411.exe
        8⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48598.exe
        9⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47061.exe
        10⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51840.exe
        11⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1220.exe
        12⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18500.exe
        13⤵
        
        PID:11540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53823.exe
        14⤵
        
        PID:8548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 216
        13⤵
        
        PID:12236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 216
        12⤵
        
        PID:9756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
        11⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 236
        10⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48462.exe
        9⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
        10⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38797.exe
        11⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32804.exe
        12⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18412.exe
        13⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 204
        12⤵
        
        PID:11840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 220
        11⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
        10⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 220
        9⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1810.exe
        8⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50943.exe
        9⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4917.exe
        10⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25152.exe
        11⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21059.exe
        12⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8814.exe
        13⤵
        
        PID:8440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10892 -s 216
        13⤵
        
        PID:8296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 216
        12⤵
        
        PID:10332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 216
        11⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        10⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 236
        9⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 220
        8⤵
        Program crash
        
        PID:4060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
        7⤵
        Program crash
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35503.exe
        6⤵
        Executes dropped EXE
        
        PID:2688
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 240
        6⤵
        Program crash
        
        PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20608.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9074.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20633.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38432.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32464.exe
        9⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28581.exe
        10⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        11⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58337.exe
        11⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7674.exe
        12⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48605.exe
        13⤵
        
        PID:12200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8228 -s 236
        13⤵
        
        PID:12408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 220
        12⤵
        
        PID:9860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 220
        11⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 236
        10⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35269.exe
        9⤵
        
        PID:3764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
        9⤵
        Program crash
        
        PID:3768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 216
        8⤵
        Program crash
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29806.exe
        7⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
        8⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13570.exe
        9⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46151.exe
        9⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52126.exe
        10⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61474.exe
        11⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48735.exe
        12⤵
        
        PID:11848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8740 -s 216
        12⤵
        
        PID:12544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 216
        11⤵
        
        PID:10156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
        10⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
        9⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14447.exe
        8⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48969.exe
        9⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
        10⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4253.exe
        11⤵
        
        PID:10532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31224.exe
        12⤵
        
        PID:12320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 216
        11⤵
        
        PID:10616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 236
        10⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 236
        9⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 220
        8⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
        7⤵
        Program crash
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22365.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49672.exe
        7⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32464.exe
        8⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34393.exe
        9⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17491.exe
        10⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48320.exe
        11⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4736.exe
        12⤵
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54480.exe
        13⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 216
        12⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
        11⤵
        
        PID:9560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
        10⤵
        
        PID:7100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 236
        9⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24361.exe
        8⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7479.exe
        9⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        10⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46890.exe
        11⤵
        
        PID:11100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54443.exe
        12⤵
        
        PID:13232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 220
        11⤵
        
        PID:11704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
        10⤵
        
        PID:9068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
        9⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 220
        8⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exe
        7⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2832.exe
        8⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52022.exe
        9⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17210.exe
        10⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36645.exe
        11⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15005.exe
        12⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 216
        11⤵
        
        PID:11080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 216
        10⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 236
        9⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 236
        8⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 240
        7⤵
        Program crash
        
        PID:3476
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 220
        6⤵
        Program crash
        
        PID:1376
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
        5⤵
        Program crash
        
        PID:2060
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51582.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51582.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22866.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36069.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11563.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21363.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22537.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47124.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48598.exe
        10⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48108.exe
        11⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61712.exe
        12⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3226.exe
        13⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25148.exe
        14⤵
        
        PID:12104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8452 -s 216
        14⤵
        
        PID:12476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
        13⤵
        
        PID:9948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
        12⤵
        
        PID:7372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 236
        11⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 236
        10⤵
        Program crash
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1810.exe
        9⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32462.exe
        10⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37552.exe
        11⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7674.exe
        12⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25553.exe
        13⤵
        
        PID:12084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8204 -s 236
        13⤵
        
        PID:12356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 220
        12⤵
        
        PID:9844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 216
        11⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 236
        10⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
        9⤵
        Program crash
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64290.exe
        9⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46793.exe
        10⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
        11⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9718.exe
        12⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
        13⤵
        
        PID:12576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8216 -s 216
        13⤵
        
        PID:12676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 216
        12⤵
        
        PID:9368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        11⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 236
        10⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52386.exe
        9⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14072.exe
        10⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63798.exe
        11⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7977.exe
        12⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7338.exe
        13⤵
        
        PID:13152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11128 -s 236
        13⤵
        
        PID:12308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 220
        12⤵
        
        PID:11732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
        11⤵
        
        PID:9252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
        10⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
        9⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
        8⤵
        Program crash
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5219.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50720.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        9⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18570.exe
        10⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50610.exe
        11⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47850.exe
        12⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        13⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16006.exe
        14⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 216
        13⤵
        
        PID:11252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 236
        12⤵
        
        PID:8276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
        11⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 236
        10⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20302.exe
        9⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51728.exe
        10⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58156.exe
        11⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16931.exe
        12⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59830.exe
        13⤵
        
        PID:10904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 216
        13⤵
        
        PID:952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
        12⤵
        
        PID:9332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
        11⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
        10⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
        9⤵
        Program crash
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        8⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13281.exe
        9⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60514.exe
        10⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42201.exe
        11⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27518.exe
        12⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36302.exe
        13⤵
        
        PID:12616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8408 -s 216
        13⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 216
        12⤵
        
        PID:9420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 236
        11⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 236
        10⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39681.exe
        9⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        10⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52588.exe
        11⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60720.exe
        12⤵
        
        PID:12940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10092 -s 236
        12⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 216
        11⤵
        
        PID:10336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
        10⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
        9⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 240
        8⤵
        Program crash
        
        PID:3308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
        7⤵
        Program crash
        
        PID:1876
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 216
        6⤵
        Program crash
        
        PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21656.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56417.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12796.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31411.exe
        8⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11483.exe
        9⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59872.exe
        10⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9582.exe
        11⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42535.exe
        12⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30158.exe
        13⤵
        
        PID:12648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8360 -s 216
        13⤵
        
        PID:940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6400 -s 236
        12⤵
        
        PID:9712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 216
        11⤵
        
        PID:7316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 216
        10⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 216
        9⤵
        Program crash
        
        PID:3656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 236
        8⤵
        Program crash
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46112.exe
        7⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58146.exe
        8⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3907.exe
        9⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3859.exe
        10⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61075.exe
        11⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23900.exe
        12⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59572.exe
        13⤵
        
        PID:13148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 216
        12⤵
        
        PID:11940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
        11⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
        10⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 236
        9⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37814.exe
        8⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32194.exe
        9⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29434.exe
        10⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36804.exe
        11⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23231.exe
        12⤵
        
        PID:12588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7256 -s 216
        11⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 216
        10⤵
        
        PID:9180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
        9⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 220
        8⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
        7⤵
        Program crash
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58468.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6413.exe
        7⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45002.exe
        8⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        9⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36564.exe
        10⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61862.exe
        11⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7839.exe
        12⤵
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39503.exe
        13⤵
        
        PID:8260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 236
        12⤵
        
        PID:10880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 236
        11⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
        10⤵
        
        PID:6732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 216
        9⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6453.exe
        8⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37553.exe
        9⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11624.exe
        10⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57620.exe
        11⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30225.exe
        12⤵
        
        PID:13036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10368 -s 216
        12⤵
        
        PID:13136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 216
        11⤵
        
        PID:11932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 216
        10⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
        9⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 240
        8⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1810.exe
        7⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        8⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25789.exe
        9⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
        10⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21062.exe
        11⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36844.exe
        12⤵
        
        PID:12336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 204
        11⤵
        
        PID:12048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
        10⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
        9⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 236
        8⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 220
        7⤵
        Program crash
        
        PID:3660
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 240
        6⤵
        Program crash
        
        PID:2096
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 240
        5⤵
        Program crash
        
        PID:1016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16203.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2871.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60013.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40731.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40980.exe
        8⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
        9⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64557.exe
        10⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5095.exe
        11⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2384.exe
        12⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32804.exe
        13⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31154.exe
        14⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 216
        13⤵
        
        PID:11924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
        12⤵
        
        PID:9148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
        11⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
        10⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27045.exe
        9⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22292.exe
        10⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23354.exe
        11⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56769.exe
        12⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39947.exe
        13⤵
        
        PID:12924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 216
        12⤵
        
        PID:10900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
        11⤵
        
        PID:8940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 240
        9⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35732.exe
        8⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57129.exe
        9⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10202.exe
        10⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59229.exe
        11⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7977.exe
        12⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48128.exe
        13⤵
        
        PID:12600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7192 -s 220
        12⤵
        
        PID:11744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
        11⤵
        
        PID:9140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
        10⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 236
        9⤵
        
        PID:5256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 240
        8⤵
        Program crash
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15141.exe
        7⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25272.exe
        8⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12243.exe
        9⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29801.exe
        10⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57650.exe
        11⤵
        
        PID:9296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44946.exe
        12⤵
        
        PID:12688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9296 -s 236
        12⤵
        
        PID:13112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
        10⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 216
        9⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 216
        8⤵
        Program crash
        
        PID:3980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
        7⤵
        Program crash
        
        PID:332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1623.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38432.exe
        7⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25272.exe
        8⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36387.exe
        9⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57831.exe
        10⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42393.exe
        11⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9286.exe
        12⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43806.exe
        13⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 204
        12⤵
        
        PID:11992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 220
        11⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
        10⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 236
        9⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42883.exe
        8⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6582.exe
        9⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53074.exe
        10⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56540.exe
        11⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18994.exe
        12⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 236
        11⤵
        
        PID:10408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 216
        10⤵
        
        PID:9052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
        9⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 220
        8⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2858.exe
        7⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44227.exe
        8⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48461.exe
        9⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36249.exe
        10⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28441.exe
        11⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17364.exe
        12⤵
        
        PID:12456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 216
        11⤵
        
        PID:11424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 216
        10⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
        9⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 236
        8⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
        7⤵
        Program crash
        
        PID:3396
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 240
        6⤵
        Program crash
        
        PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60890.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16393.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11057.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29549.exe
        8⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57744.exe
        9⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42644.exe
        10⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29137.exe
        11⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46699.exe
        12⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40808.exe
        13⤵
        
        PID:12812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 216
        12⤵
        
        PID:11248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 216
        11⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 236
        10⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 236
        9⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64241.exe
        8⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57348.exe
        9⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52866.exe
        10⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37422.exe
        11⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9421.exe
        12⤵
        
        PID:12300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8772 -s 216
        12⤵
        
        PID:12732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 216
        11⤵
        
        PID:10164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 236
        10⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 236
        9⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
        8⤵
        Program crash
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35557.exe
        7⤵
        
        PID:1460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 240
        7⤵
        Program crash
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65421.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57971.exe
        7⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51600.exe
        8⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25260.exe
        9⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30756.exe
        10⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40635.exe
        11⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61062.exe
        12⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 216
        11⤵
        
        PID:10852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
        10⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
        9⤵
        
        PID:6188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 236
        8⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58097.exe
        7⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2981.exe
        8⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20476.exe
        9⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22138.exe
        10⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32796.exe
        11⤵
        
        PID:13288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 216
        10⤵
        
        PID:11192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 236
        9⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 236
        8⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
        7⤵
        Program crash
        
        PID:3884
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
        6⤵
        Program crash
        
        PID:2656
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 240
        5⤵
        Program crash
        
        PID:2516
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2780
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1604
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
  2⤵
  - Program crash
  PID:2808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-36069.exe

Filesize
184KB

MD5
5af40244306d6e740d118fe807c10c92

SHA1
01777b30e63dac9c807fcdbf5a743da422901b7b

SHA256
2a52222ae1abc8b37a77df0409af6909357e2d8b94408e9f996e773f6e6283eb

SHA512
d15fe45e120a35a174bbd09f0936691d8d5ed0d5c3fb7fee9f5354eec95228b2df15bab577e6b222ec825ba7ee196178ee4905dfeeda5914f09b3ee25001b39c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39681.exe

Filesize
184KB

MD5
cea1700767cbd24086a17b2f7870ec00

SHA1
2ef911683c2b9d8d8f6baa066532b2634be0220b

SHA256
9440c1a33f313c6fe9fdff42af43612a26544ce2f89d4a010de49d662326b8b3

SHA512
19f7d2a2ea390fc74eb02a68fdc65ce44d3275b9e420cf4b92d0319206d47f8bcabf9e694d0af2f3416cdfdc7813e3c6905479cecce37789eb3aa986496f70c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39972.exe

Filesize
184KB

MD5
57ace03f73df34a9d15b07e74acbff92

SHA1
86cabbc6ff7ece2f79d1b10afd9cf5f33e4aef2a

SHA256
309e574d51a448e80bd27c6292b90a1b0ca1e6556a9457fff24c324a7bdff10c

SHA512
51e87dc9363090d7a6f2486f9d45b52cee231189fb04742d162db9f17d79b84a9a5e8167365830895e57e45dba8732180ca8863ba8199f17b87d296cbb755722

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48735.exe

Filesize
184KB

MD5
b7f25280cb381023dbd3c108f7cad0ce

SHA1
92f867bdf8b894a9bd07e227c33da7fc99e10972

SHA256
6764568afe3129d8173ad9e57b21e250a98412cf82059812f7f8a90e4cb35e6f

SHA512
4cee123609a2e36540902bfe8a70f1a233025f0f99ef7547affcbbf0bbded29b4362ca3ba58fbeefbda1e782dadf61c62a86dfc16bfd0d25734422e0fb11b061

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe

Filesize
184KB

MD5
86e9eaab7189a54f7d89ac6a7e6c2334

SHA1
91fc6f70881dbd57368014dc5a76db386e5609b4

SHA256
311b6b819a75ab5cea55841e095e1edd5d44f685d299ef90df60625f3d68776d

SHA512
558a587ae3c7d20382477240a0769329dafcfeecb2f8c21f6515da6a15e55ccc3208037e84a4062595587927d6c90e1258b56e0254477f24e0b0a81cf41a8735

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57821.exe

Filesize
184KB

MD5
932122dc1c1197b72d9787b7f49952ce

SHA1
08733e81cb1ddc32cfa277ecb9fef3a1983e6a18

SHA256
0ef4c9dda7d736a854bf94b81e861aab6cde6b4592b716a39fe2e66de0f2a067

SHA512
dd1d983154dd70bf537f291cda47488b77934df0d76a2336a7d95fc36d6f42fe0ca5b28b3a1592a75714c8a1f3ca5cdd607c789dec73e83d5be3d58e85056755

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61062.exe

Filesize
184KB

MD5
bd712a715355287a14f614f63d054db4

SHA1
541fc41f4dbadec5bd8c1f3c1f1a91ff475a8d0a

SHA256
878eda536840ecb61f8c3fa5eb293c62dd09526e4ac519c6c978ad2beadef61a

SHA512
57f110dd00bf60550ec2f2b07478b72f9e195038b2501382e35c3c32c2a43d2801fccf6ef4309cf8c6f236240dc32f124cdf47da006b37e2c43b6fb2048a5347

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6234.exe

Filesize
184KB

MD5
d794330204a5c64c1905d5353f2e1f15

SHA1
063158eafdf6541a3fc6934cb2f2bf71f473dc80

SHA256
172f697d4de1cf24246869e38862a2d4f6fa4bb88152284aca22be90ca81f6a4

SHA512
96d32d5628ccb2ebb244b1b909e9e9b6176ee862171a41bd6ebcd72eb365115c093dd3dc4f21610a29ae64c454e2a11b62043f8805703c5d8618d9911b1d3122

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6584.exe

Filesize
184KB

MD5
fd4b962fd156cc8164365c57ab9326de

SHA1
8173e8875dacb5d51781d003ac12851635deb8f2

SHA256
908b4c3a07657c4bf4833d372d4c043f7e3e534b1e52d3e93b0880fee95c37f0

SHA512
314861bb56ea914db3254cea3efdefdfc09c4fbd6c997fef62d63b70e012af0dd6d6b70c718d1c5fbc282586f8940311a21996ec65676850c6b348e74804c8a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6805.exe

Filesize
184KB

MD5
508223ca2be64fb66d6a31b01e8a8993

SHA1
4e37a057231e9e892a9a4a1c077adaa5b1ffc229

SHA256
df8538648fced2f87d69a821f6384a77610b3d4873a544cfe4a8c47c1587bbee

SHA512
db06974d09002a1b207b9fcb3f0e7032874e3aaa700a808bd74e7ebde0019cdfa1d3c5e22af3f5f9427dd4dd7bc603c2eb833ba48b9edb05ee64a048192caded

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10386.exe

Filesize
184KB

MD5
08a21a3cad45a3cdf7b1ba81b84e1198

SHA1
ce3b2645b43e1a5b97e6b55cc261bcc9948c009a

SHA256
ce0958734668eb67d00ec315936f69053d065852a8c1748fecdd95b38edd3f16

SHA512
1dce4d8f935b075a6f4ba02dfd8423abb5344ad044eb361f67472f74aa0cad3a991ce8ffc5f41b195579de733908a33d98834a7f5138cf848972181fe0b9af6c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14476.exe

Filesize
184KB

MD5
1ded2375832edd6ca43cf7f1079328b7

SHA1
9d05aac53a6e1e6990271084a91b109871efdd3e

SHA256
1a4b92a4e327da96f154eeab624d53e66d12fbd6de2ba1b2077d3aa68f525958

SHA512
5c8524fff705d6cd46eceab0ed0e7857ae347ecc9198db3b696eaec35b56b982c152a5cf0f8dd3ef2251712ffb958077c1e3aa0f476f0053b0741dc8ea268c7d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16203.exe

Filesize
184KB

MD5
862d30eb12a3cc7151f1fe2555280414

SHA1
f572e1d4f5bb661213f46915f8662aed82be5c23

SHA256
991b87253ddd5b28386b4b874d065bc0acec1f86bd01c7c27a532e68fdfd23bd

SHA512
e4a96c6f58db9060a449f95f70e820b3f65b50b95b856b208fdded56a3d13e4d38f3d3c2e21bd7f5bc48696565924bf93eada19496ce629f476cc11c9c3097e7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22866.exe

Filesize
184KB

MD5
c50f5c702f167f77901cdcb18844e38f

SHA1
36a32dc7dfee734d8ffeeea56d7e61ff9d324a27

SHA256
2c71852458b15314e68807dc43065efd84f0e6a981dfd92fc3ac38490e66f817

SHA512
8a51cd72ba9a70adfdaaf44264a1e0f535c708ff954a501f7838bd6d3b045f4c013c1fa84011ca6ae7d955a97544191d154c518855663ae2183c5b145a785c67

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25353.exe

Filesize
184KB

MD5
841272a561488089068c48d0f0ae8211

SHA1
85abf705e0548c0c6db21332662083769eab21b1

SHA256
ff18be12ed99f2de0b08f503fa452b422015a9c15740841e8f2e50b7bed506c1

SHA512
b02ef86e33adcefb331c4f2229be4e9fd746c99c962ffa3578e1483920b7110157cbc16752706c8a9d59e226f0ccf42229d468b1220dfd63e69cbb0894d250e5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28823.exe

Filesize
184KB

MD5
c567f8ac019a6e80ff2a8a7c4689522e

SHA1
d1207866efab854ee1bb69d7407a66a5dfbd5ae8

SHA256
181aa3b235f75eea8debeec40db40575d596c6a9169df1e29cd1423d19ff7e53

SHA512
3b5bcacf0cf69e753be0ca287e216a9b6514e8106229ad5b84fb96523bba94d4535849d89585c39eb738e399acc0614c12187a9826ccce14d2f24243e28f9cde

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33321.exe

Filesize
184KB

MD5
39198f0d91926af1c19f2a68ac88a5f1

SHA1
2b7178cd815559b9e08c7cde073d2b93a7edd513

SHA256
81761bd8dd06fbe00f55257bc4c749944e324e2564c251d733e709537f61a021

SHA512
b11331b67f30909ff9b97adc1a27dc59c14efaf50fd2f4a1275ca2c319c7af2a6d41ad9d7166a6e92225c2bbef58fb5fedf9f283bbde522e70a14a6a6a80f877

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51582.exe

Filesize
184KB

MD5
8d8803a09998bc4b841bcf68a7ae9273

SHA1
c20c8443d35dba1e3df1ebc0f8f543266a78f8fa

SHA256
d75650159065eaae62bbd1e90c2b40a5cdf56872b5723caf51c229a265ada1b3

SHA512
2c2dc6b51b6cdf0599a0c937730e3d4ec9a0ae21175eaa86763d1d55f05b65378199f96c69a6357984a889915befab9eb3ea4675c669725909914501b8d082a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51812.exe

Filesize
184KB

MD5
81b5f027b4df1fdec3bc49eee5356725

SHA1
a9a5c223be53eeedcd911f99ee52b7740c82ccae

SHA256
53d801685e098754138e2e286b942cf0984573147d9d05c6041772ed858910ab

SHA512
5687a05e20bd5cbc5acf340621ff4f117b126593cd5f598bf354200084d629106fa13f9999063f91b095827dbaef28bf43785bad64d493d26280dc163aa659e0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65309.exe

Filesize
184KB

MD5
80d5579360d6273acd6042544c7e405f

SHA1
e7928da280833de6269445016df5cd8730d2c5b0

SHA256
617f026fe163607514be9b028cf6583a768907ed562a12152f9d688c6405b6ec

SHA512
de4c30a940dc41929248ded8199fc1cc49d5f0c21e88c0058c177c0370c4c0f50ea1517eea866d038f1316d8b8ea1ece02fa75c650e4a70980cdc831b4211da8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.