1910cb56edb57b59a7481f82cd47be50800ce7c8ec0e56e1178bf2df8c11d54a

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 19:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1910cb56edb57b59a7481f82cd47be50800ce7c8ec0e56e1178bf2df8c11d54a.exe
Size

184KB
MD5

1f8473242a9abae83a6537c2f8f145f7
SHA1

2dd614c333202d7705ebcb248b1b113b4456dc3f
SHA256

1910cb56edb57b59a7481f82cd47be50800ce7c8ec0e56e1178bf2df8c11d54a
SHA512

fbcbcfe247003ee02a8b631af0e94ba3e9889ab32972ab95cb185fddf5e3196a3a047620e6d9f62f50203b1461fa747ab0b786a0a30e561ca5426622c57ebafb
SSDEEP

3072:0LZgNEolqP1px4zcW7K8N1b2cvnqnviFl:0LTouX4zO8bb2cPqnviF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1264	Unicorn-18905.exe
2004	Unicorn-20611.exe
2700	Unicorn-40477.exe
2808	Unicorn-32392.exe
2580	Unicorn-9833.exe
2556	Unicorn-51421.exe
2940	Unicorn-16103.exe
2088	Unicorn-8489.exe
1920	Unicorn-51468.exe
2944	Unicorn-5796.exe
1288	Unicorn-36523.exe
1444	Unicorn-11800.exe
1404	Unicorn-48557.exe
1244	Unicorn-59418.exe
316	Unicorn-13746.exe
1956	Unicorn-9662.exe
2352	Unicorn-2049.exe
3020	Unicorn-21915.exe
1036	Unicorn-2049.exe
704	Unicorn-49387.exe
2140	Unicorn-3715.exe
1536	Unicorn-17914.exe
1540	Unicorn-28774.exe
1384	Unicorn-48640.exe
2256	Unicorn-60892.exe
924	Unicorn-53279.exe
2420	Unicorn-7607.exe
2228	Unicorn-3523.exe
2364	Unicorn-15776.exe
2012	Unicorn-46502.exe
1864	Unicorn-57363.exe
2144	Unicorn-26636.exe
2744	Unicorn-60098.exe
2324	Unicorn-56014.exe
2760	Unicorn-49470.exe
2668	Unicorn-9828.exe
2588	Unicorn-51416.exe
2204	Unicorn-48723.exe
1520	Unicorn-59584.exe
2956	Unicorn-13912.exe
2396	Unicorn-52807.exe
1660	Unicorn-14467.exe
1712	Unicorn-54753.exe
2860	Unicorn-19943.exe
1960	Unicorn-12329.exe
1448	Unicorn-28111.exe
1800	Unicorn-9636.exe
1512	Unicorn-51224.exe
2152	Unicorn-36279.exe
2904	Unicorn-49299.exe
2100	Unicorn-60160.exe
1720	Unicorn-14488.exe
1004	Unicorn-25349.exe
1156	Unicorn-52013.exe
1248	Unicorn-62874.exe
820	Unicorn-56097.exe
1032	Unicorn-1421.exe
1968	Unicorn-33539.exe
1284	Unicorn-674.exe
2772	Unicorn-17011.exe
2384	Unicorn-17011.exe
3000	Unicorn-40123.exe
2756	Unicorn-59989.exe
2568	Unicorn-5313.exe

Loads dropped DLL 64 IoCs

pid	Process
2460	1910cb56edb57b59a7481f82cd47be50800ce7c8ec0e56e1178bf2df8c11d54a.exe
2460	1910cb56edb57b59a7481f82cd47be50800ce7c8ec0e56e1178bf2df8c11d54a.exe
2460	1910cb56edb57b59a7481f82cd47be50800ce7c8ec0e56e1178bf2df8c11d54a.exe
2460	1910cb56edb57b59a7481f82cd47be50800ce7c8ec0e56e1178bf2df8c11d54a.exe
1264	Unicorn-18905.exe
1264	Unicorn-18905.exe
2004	Unicorn-20611.exe
2004	Unicorn-20611.exe
2700	Unicorn-40477.exe
2700	Unicorn-40477.exe
1264	Unicorn-18905.exe
1264	Unicorn-18905.exe
2076	WerFault.exe
2076	WerFault.exe
2076	WerFault.exe
2076	WerFault.exe
2076	WerFault.exe
2808	Unicorn-32392.exe
2808	Unicorn-32392.exe
2004	Unicorn-20611.exe
2004	Unicorn-20611.exe
2556	Unicorn-51421.exe
2700	Unicorn-40477.exe
2556	Unicorn-51421.exe
2700	Unicorn-40477.exe
2580	Unicorn-9833.exe
2580	Unicorn-9833.exe
2812	WerFault.exe
2812	WerFault.exe
2812	WerFault.exe
2812	WerFault.exe
2812	WerFault.exe
2812	WerFault.exe
2812	WerFault.exe
2088	Unicorn-8489.exe
2088	Unicorn-8489.exe
2940	Unicorn-16103.exe
2940	Unicorn-16103.exe
1920	Unicorn-51468.exe
1920	Unicorn-51468.exe
2808	Unicorn-32392.exe
2808	Unicorn-32392.exe
1288	Unicorn-36523.exe
1288	Unicorn-36523.exe
2944	Unicorn-5796.exe
2944	Unicorn-5796.exe
2580	Unicorn-9833.exe
2556	Unicorn-51421.exe
2580	Unicorn-9833.exe
2556	Unicorn-51421.exe
1980	WerFault.exe
1980	WerFault.exe
1980	WerFault.exe
1980	WerFault.exe
1980	WerFault.exe
1376	WerFault.exe
1376	WerFault.exe
1376	WerFault.exe
1376	WerFault.exe
1376	WerFault.exe
2512	WerFault.exe
2512	WerFault.exe
2512	WerFault.exe
2512	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2684	2460	WerFault.exe	27
2076	1264	WerFault.exe	28
2812	2700	WerFault.exe	30
1980	2808	WerFault.exe	32
1376	2580	WerFault.exe	33
2512	2556	WerFault.exe	34
2176	2088	WerFault.exe	37
2360	2940	WerFault.exe	36
2412	1920	WerFault.exe	39
2752	1288	WerFault.exe	40
2672	2944	WerFault.exe	38
1136	1444	WerFault.exe	42
1020	1404	WerFault.exe	43
916	1244	WerFault.exe	45
2268	316	WerFault.exe	44
1188	2352	WerFault.exe	48
1584	1036	WerFault.exe	49
892	1956	WerFault.exe	46
1588	3020	WerFault.exe	47
2780	704	WerFault.exe	53
2620	2140	WerFault.exe	54
2724	1536	WerFault.exe	55
2852	1384	WerFault.exe	57
1608	1540	WerFault.exe	56
2924	2256	WerFault.exe	58
816	924	WerFault.exe	59
1728	2420	WerFault.exe	60
1256	2144	WerFault.exe	64
2444	2228	WerFault.exe	61
1928	1864	WerFault.exe	65
1080	2364	WerFault.exe	62
1716	2012	WerFault.exe	63
3140	2744	WerFault.exe	67
3436	1520	WerFault.exe	77
3644	1004	WerFault.exe	91
3708	2668	WerFault.exe	74
3732	1660	WerFault.exe	80
3740	2760	WerFault.exe	71
3928	1712	WerFault.exe	81
3936	2324	WerFault.exe	68
3960	2956	WerFault.exe	78
4000	2204	WerFault.exe	76
4016	2588	WerFault.exe	75
4024	1448	WerFault.exe	84
4040	2904	WerFault.exe	88
4056	2396	WerFault.exe	79
4072	2100	WerFault.exe	89
3152	1720	WerFault.exe	90
3184	1512	WerFault.exe	86
3284	2152	WerFault.exe	87
3320	1960	WerFault.exe	83
3388	2860	WerFault.exe	82
3400	1800	WerFault.exe	85
3424	1248	WerFault.exe	94
3640	1968	WerFault.exe	99
3664	1156	WerFault.exe	93
3764	1032	WerFault.exe	96
3852	2044	WerFault.exe	113
3968	1628	WerFault.exe	115
3348	1284	WerFault.exe	104
3460	3000	WerFault.exe	108
3620	2060	WerFault.exe	119
3872	2740	WerFault.exe	121
3504	576	WerFault.exe	122

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2460	1910cb56edb57b59a7481f82cd47be50800ce7c8ec0e56e1178bf2df8c11d54a.exe
1264	Unicorn-18905.exe
2004	Unicorn-20611.exe
2700	Unicorn-40477.exe
2808	Unicorn-32392.exe
2580	Unicorn-9833.exe
2556	Unicorn-51421.exe
2940	Unicorn-16103.exe
2088	Unicorn-8489.exe
1920	Unicorn-51468.exe
2944	Unicorn-5796.exe
1288	Unicorn-36523.exe
1444	Unicorn-11800.exe
1244	Unicorn-59418.exe
1404	Unicorn-48557.exe
316	Unicorn-13746.exe
1956	Unicorn-9662.exe
2352	Unicorn-2049.exe
1036	Unicorn-2049.exe
3020	Unicorn-21915.exe
704	Unicorn-49387.exe
2140	Unicorn-3715.exe
1536	Unicorn-17914.exe
1540	Unicorn-28774.exe
1384	Unicorn-48640.exe
2256	Unicorn-60892.exe
924	Unicorn-53279.exe
2420	Unicorn-7607.exe
2228	Unicorn-3523.exe
2364	Unicorn-15776.exe
1864	Unicorn-57363.exe
2012	Unicorn-46502.exe
2144	Unicorn-26636.exe
2744	Unicorn-60098.exe
2324	Unicorn-56014.exe
2760	Unicorn-49470.exe
2668	Unicorn-9828.exe
2588	Unicorn-51416.exe
2204	Unicorn-48723.exe
1520	Unicorn-59584.exe
2956	Unicorn-13912.exe
2396	Unicorn-52807.exe
1660	Unicorn-14467.exe
1712	Unicorn-54753.exe
1960	Unicorn-12329.exe
2860	Unicorn-19943.exe
1448	Unicorn-28111.exe
1800	Unicorn-9636.exe
2152	Unicorn-36279.exe
1512	Unicorn-51224.exe
2904	Unicorn-49299.exe
2100	Unicorn-60160.exe
1720	Unicorn-14488.exe
1004	Unicorn-25349.exe
1156	Unicorn-52013.exe
1248	Unicorn-62874.exe
820	Unicorn-56097.exe
1032	Unicorn-1421.exe
1968	Unicorn-33539.exe
1284	Unicorn-674.exe
2772	Unicorn-17011.exe
2384	Unicorn-17011.exe
3000	Unicorn-40123.exe
2756	Unicorn-59989.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 1264	2460	1910cb56edb57b59a7481f82cd47be50800ce7c8ec0e56e1178bf2df8c11d54a.exe	28
PID 2460 wrote to memory of 1264	2460	1910cb56edb57b59a7481f82cd47be50800ce7c8ec0e56e1178bf2df8c11d54a.exe	28
PID 2460 wrote to memory of 1264	2460	1910cb56edb57b59a7481f82cd47be50800ce7c8ec0e56e1178bf2df8c11d54a.exe	28
PID 2460 wrote to memory of 1264	2460	1910cb56edb57b59a7481f82cd47be50800ce7c8ec0e56e1178bf2df8c11d54a.exe	28
PID 2460 wrote to memory of 2004	2460	1910cb56edb57b59a7481f82cd47be50800ce7c8ec0e56e1178bf2df8c11d54a.exe	29
PID 2460 wrote to memory of 2004	2460	1910cb56edb57b59a7481f82cd47be50800ce7c8ec0e56e1178bf2df8c11d54a.exe	29
PID 2460 wrote to memory of 2004	2460	1910cb56edb57b59a7481f82cd47be50800ce7c8ec0e56e1178bf2df8c11d54a.exe	29
PID 2460 wrote to memory of 2004	2460	1910cb56edb57b59a7481f82cd47be50800ce7c8ec0e56e1178bf2df8c11d54a.exe	29
PID 1264 wrote to memory of 2700	1264	Unicorn-18905.exe	30
PID 1264 wrote to memory of 2700	1264	Unicorn-18905.exe	30
PID 1264 wrote to memory of 2700	1264	Unicorn-18905.exe	30
PID 1264 wrote to memory of 2700	1264	Unicorn-18905.exe	30
PID 2460 wrote to memory of 2684	2460	1910cb56edb57b59a7481f82cd47be50800ce7c8ec0e56e1178bf2df8c11d54a.exe	31
PID 2460 wrote to memory of 2684	2460	1910cb56edb57b59a7481f82cd47be50800ce7c8ec0e56e1178bf2df8c11d54a.exe	31
PID 2460 wrote to memory of 2684	2460	1910cb56edb57b59a7481f82cd47be50800ce7c8ec0e56e1178bf2df8c11d54a.exe	31
PID 2460 wrote to memory of 2684	2460	1910cb56edb57b59a7481f82cd47be50800ce7c8ec0e56e1178bf2df8c11d54a.exe	31
PID 2004 wrote to memory of 2808	2004	Unicorn-20611.exe	32
PID 2004 wrote to memory of 2808	2004	Unicorn-20611.exe	32
PID 2004 wrote to memory of 2808	2004	Unicorn-20611.exe	32
PID 2004 wrote to memory of 2808	2004	Unicorn-20611.exe	32
PID 2700 wrote to memory of 2580	2700	Unicorn-40477.exe	33
PID 2700 wrote to memory of 2580	2700	Unicorn-40477.exe	33
PID 2700 wrote to memory of 2580	2700	Unicorn-40477.exe	33
PID 2700 wrote to memory of 2580	2700	Unicorn-40477.exe	33
PID 1264 wrote to memory of 2556	1264	Unicorn-18905.exe	34
PID 1264 wrote to memory of 2556	1264	Unicorn-18905.exe	34
PID 1264 wrote to memory of 2556	1264	Unicorn-18905.exe	34
PID 1264 wrote to memory of 2556	1264	Unicorn-18905.exe	34
PID 1264 wrote to memory of 2076	1264	Unicorn-18905.exe	35
PID 1264 wrote to memory of 2076	1264	Unicorn-18905.exe	35
PID 1264 wrote to memory of 2076	1264	Unicorn-18905.exe	35
PID 1264 wrote to memory of 2076	1264	Unicorn-18905.exe	35
PID 2808 wrote to memory of 2940	2808	Unicorn-32392.exe	36
PID 2808 wrote to memory of 2940	2808	Unicorn-32392.exe	36
PID 2808 wrote to memory of 2940	2808	Unicorn-32392.exe	36
PID 2808 wrote to memory of 2940	2808	Unicorn-32392.exe	36
PID 2004 wrote to memory of 2088	2004	Unicorn-20611.exe	37
PID 2004 wrote to memory of 2088	2004	Unicorn-20611.exe	37
PID 2004 wrote to memory of 2088	2004	Unicorn-20611.exe	37
PID 2004 wrote to memory of 2088	2004	Unicorn-20611.exe	37
PID 2556 wrote to memory of 2944	2556	Unicorn-51421.exe	38
PID 2556 wrote to memory of 2944	2556	Unicorn-51421.exe	38
PID 2556 wrote to memory of 2944	2556	Unicorn-51421.exe	38
PID 2556 wrote to memory of 2944	2556	Unicorn-51421.exe	38
PID 2700 wrote to memory of 1920	2700	Unicorn-40477.exe	39
PID 2700 wrote to memory of 1920	2700	Unicorn-40477.exe	39
PID 2700 wrote to memory of 1920	2700	Unicorn-40477.exe	39
PID 2700 wrote to memory of 1920	2700	Unicorn-40477.exe	39
PID 2580 wrote to memory of 1288	2580	Unicorn-9833.exe	40
PID 2580 wrote to memory of 1288	2580	Unicorn-9833.exe	40
PID 2580 wrote to memory of 1288	2580	Unicorn-9833.exe	40
PID 2580 wrote to memory of 1288	2580	Unicorn-9833.exe	40
PID 2700 wrote to memory of 2812	2700	Unicorn-40477.exe	41
PID 2700 wrote to memory of 2812	2700	Unicorn-40477.exe	41
PID 2700 wrote to memory of 2812	2700	Unicorn-40477.exe	41
PID 2700 wrote to memory of 2812	2700	Unicorn-40477.exe	41
PID 2088 wrote to memory of 1444	2088	Unicorn-8489.exe	42
PID 2088 wrote to memory of 1444	2088	Unicorn-8489.exe	42
PID 2088 wrote to memory of 1444	2088	Unicorn-8489.exe	42
PID 2088 wrote to memory of 1444	2088	Unicorn-8489.exe	42
PID 2940 wrote to memory of 1404	2940	Unicorn-16103.exe	43
PID 2940 wrote to memory of 1404	2940	Unicorn-16103.exe	43
PID 2940 wrote to memory of 1404	2940	Unicorn-16103.exe	43
PID 2940 wrote to memory of 1404	2940	Unicorn-16103.exe	43

C:\Users\Admin\AppData\Local\Temp\1910cb56edb57b59a7481f82cd47be50800ce7c8ec0e56e1178bf2df8c11d54a.exe
"C:\Users\Admin\AppData\Local\Temp\1910cb56edb57b59a7481f82cd47be50800ce7c8ec0e56e1178bf2df8c11d54a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18905.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18905.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40477.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40477.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9833.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36523.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9662.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15776.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49299.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60529.exe
        9⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59434.exe
        10⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35589.exe
        11⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37652.exe
        12⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21176.exe
        13⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
        14⤵
        
        PID:10804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 216
        14⤵
        
        PID:11580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
        13⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
        12⤵
        
        PID:6496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
        11⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49465.exe
        10⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60677.exe
        11⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
        12⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        13⤵
        
        PID:11084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8636 -s 216
        13⤵
        
        PID:11760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
        12⤵
        
        PID:9528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
        11⤵
        
        PID:6788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 240
        10⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12926.exe
        9⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45210.exe
        10⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2789.exe
        11⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9904.exe
        12⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12395.exe
        13⤵
        
        PID:11188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8644 -s 236
        13⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 216
        12⤵
        
        PID:10332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
        11⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
        10⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
        9⤵
        Program crash
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48832.exe
        8⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47182.exe
        9⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6891.exe
        10⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26251.exe
        11⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32525.exe
        12⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22484.exe
        13⤵
        
        PID:11012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8888 -s 220
        13⤵
        
        PID:11932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 216
        12⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 220
        11⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
        10⤵
        
        PID:4368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 236
        9⤵
        
        PID:3592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
        8⤵
        Program crash
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60160.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7244.exe
        8⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20540.exe
        9⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20514.exe
        10⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-703.exe
        11⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49572.exe
        12⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19604.exe
        13⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55115.exe
        14⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 216
        13⤵
        
        PID:11536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
        12⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 236
        11⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 236
        10⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 236
        9⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12926.exe
        8⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53378.exe
        9⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23210.exe
        10⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14564.exe
        11⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24451.exe
        12⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9092 -s 216
        12⤵
        
        PID:12896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 216
        11⤵
        
        PID:10408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
        10⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 236
        9⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
        8⤵
        Program crash
        
        PID:4072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 240
        7⤵
        Program crash
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26636.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9636.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17551.exe
        8⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57488.exe
        9⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19144.exe
        10⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5830.exe
        11⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18135.exe
        12⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39889.exe
        13⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15369.exe
        14⤵
        
        PID:12920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8952 -s 220
        13⤵
        
        PID:12296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
        12⤵
        
        PID:9884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 216
        11⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 236
        10⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 236
        9⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10980.exe
        8⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
        9⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9255.exe
        10⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28851.exe
        11⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36215.exe
        12⤵
        
        PID:10464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 220
        12⤵
        
        PID:12024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
        11⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 236
        10⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 216
        9⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 240
        8⤵
        Program crash
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9937.exe
        7⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28708.exe
        8⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
        9⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50864.exe
        10⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        11⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        12⤵
        
        PID:11132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8204 -s 216
        12⤵
        
        PID:11712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
        11⤵
        
        PID:8384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 236
        10⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
        9⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 236
        8⤵
        
        PID:4232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
        7⤵
        Program crash
        
        PID:1256
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 240
        6⤵
        Program crash
        
        PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7607.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19943.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36025.exe
        8⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39014.exe
        9⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21090.exe
        10⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42862.exe
        11⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1305.exe
        12⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43096.exe
        13⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8420 -s 216
        13⤵
        
        PID:12484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 220
        12⤵
        
        PID:10216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
        11⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 236
        10⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 236
        9⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27316.exe
        8⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37426.exe
        9⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14657.exe
        10⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37232.exe
        11⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46241.exe
        12⤵
        
        PID:11832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9116 -s 216
        12⤵
        
        PID:12820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 216
        11⤵
        
        PID:10200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 220
        10⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
        9⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
        8⤵
        Program crash
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59138.exe
        7⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7711.exe
        8⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8453.exe
        9⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26718.exe
        10⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34601.exe
        11⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38073.exe
        12⤵
        
        PID:11788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 216
        12⤵
        
        PID:12804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 216
        11⤵
        
        PID:10280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 216
        10⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 216
        9⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 236
        8⤵
        Program crash
        
        PID:3620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
        7⤵
        Program crash
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12329.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
        7⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53404.exe
        8⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32718.exe
        9⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52229.exe
        10⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65000.exe
        11⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50356.exe
        12⤵
        
        PID:12960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10192 -s 216
        12⤵
        
        PID:13108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 216
        11⤵
        
        PID:10952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 216
        10⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 216
        9⤵
        
        PID:6428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 236
        8⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41706.exe
        7⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 220
        8⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
        7⤵
        Program crash
        
        PID:3320
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
        6⤵
        Program crash
        
        PID:1188
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51468.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13746.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60892.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52807.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55905.exe
        8⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42522.exe
        9⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2340.exe
        10⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe
        11⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32525.exe
        12⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        13⤵
        
        PID:11060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8896 -s 216
        13⤵
        
        PID:11688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
        12⤵
        
        PID:9836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
        11⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 216
        10⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38473.exe
        9⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40257.exe
        10⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
        11⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15000.exe
        12⤵
        
        PID:10916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8608 -s 220
        12⤵
        
        PID:11272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
        11⤵
        
        PID:9520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
        10⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 220
        9⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61551.exe
        8⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6315.exe
        9⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe
        10⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56453.exe
        11⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        12⤵
        
        PID:11116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8816 -s 216
        12⤵
        
        PID:11776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 220
        11⤵
        
        PID:9728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
        10⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 216
        9⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
        8⤵
        Program crash
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1229.exe
        7⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58858.exe
        8⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
        9⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10708.exe
        10⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27673.exe
        11⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8372 -s 220
        12⤵
        
        PID:10908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
        11⤵
        
        PID:9356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 236
        10⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 216
        9⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
        7⤵
        Program crash
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14467.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2620.exe
        7⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        8⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55708.exe
        9⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7859.exe
        10⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4559.exe
        11⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5400.exe
        12⤵
        
        PID:11628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9024 -s 216
        12⤵
        
        PID:12792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 216
        11⤵
        
        PID:10004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
        10⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 236
        9⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 236
        8⤵
        Program crash
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55521.exe
        7⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24899.exe
        8⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31705.exe
        9⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39349.exe
        10⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        11⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58457.exe
        12⤵
        
        PID:12404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11108 -s 236
        12⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8296 -s 216
        11⤵
        
        PID:11752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
        10⤵
        
        PID:9248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
        9⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 216
        8⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
        7⤵
        Program crash
        
        PID:3732
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 240
        6⤵
        Program crash
        
        PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53279.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54753.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41515.exe
        7⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43098.exe
        8⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        9⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56977.exe
        10⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 200
        11⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 220
        10⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 216
        9⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 236
        8⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62127.exe
        7⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53570.exe
        8⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20989.exe
        9⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32224.exe
        10⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-309.exe
        11⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25349.exe
        12⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8068 -s 216
        11⤵
        
        PID:12428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 220
        10⤵
        
        PID:10132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 216
        9⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 216
        8⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
        7⤵
        Program crash
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52376.exe
        6⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32408.exe
        7⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10591.exe
        8⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7885.exe
        9⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39349.exe
        10⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65379.exe
        11⤵
        
        PID:10884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8320 -s 216
        11⤵
        
        PID:11312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
        10⤵
        
        PID:9292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
        9⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 236
        8⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 236
        7⤵
        Program crash
        
        PID:3968
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 240
        6⤵
        Program crash
        
        PID:816
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 240
        5⤵
        Program crash
        
        PID:2412
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51421.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51421.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5796.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21915.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46502.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14488.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
        8⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19964.exe
        9⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49486.exe
        10⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13697.exe
        11⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44585.exe
        12⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-226.exe
        13⤵
        
        PID:11004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9028 -s 220
        13⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 220
        12⤵
        
        PID:9948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 216
        11⤵
        
        PID:7552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 216
        10⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 236
        9⤵
        Program crash
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43076.exe
        8⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20514.exe
        9⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
        10⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2976.exe
        11⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64372.exe
        12⤵
        
        PID:10640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8468 -s 216
        12⤵
        
        PID:11896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
        11⤵
        
        PID:9444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 216
        10⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 216
        9⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
        8⤵
        Program crash
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32495.exe
        7⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5573.exe
        8⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21199.exe
        9⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57252.exe
        10⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9089.exe
        11⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59624.exe
        12⤵
        
        PID:11244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9184 -s 220
        12⤵
        
        PID:12456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
        11⤵
        
        PID:10080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
        10⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 216
        9⤵
        
        PID:5856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 216
        8⤵
        Program crash
        
        PID:3504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
        7⤵
        Program crash
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25349.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1214.exe
        7⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe
        8⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37618.exe
        9⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63043.exe
        10⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39645.exe
        11⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54985.exe
        12⤵
        
        PID:11396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8980 -s 216
        12⤵
        
        PID:12912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 236
        11⤵
        
        PID:10456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
        10⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 236
        9⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 216
        8⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 236
        7⤵
        Program crash
        
        PID:3644
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
        6⤵
        Program crash
        
        PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57363.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36279.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60529.exe
        7⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20540.exe
        8⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19144.exe
        9⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24388.exe
        10⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20704.exe
        11⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11767.exe
        12⤵
        
        PID:11496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8656 -s 236
        12⤵
        
        PID:12664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 220
        11⤵
        
        PID:9452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
        10⤵
        
        PID:7792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        9⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 236
        8⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12926.exe
        7⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51816.exe
        8⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30335.exe
        9⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36609.exe
        10⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        11⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63117.exe
        12⤵
        
        PID:12548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 216
        11⤵
        
        PID:11720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 216
        10⤵
        
        PID:9876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
        9⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
        8⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 220
        7⤵
        Program crash
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18105.exe
        6⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39014.exe
        7⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59600.exe
        8⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48233.exe
        9⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27765.exe
        9⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25426.exe
        10⤵
        
        PID:9212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9212 -s 188
        11⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 220
        10⤵
        
        PID:10088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 240
        9⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 216
        8⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 216
        7⤵
        
        PID:2172
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 240
        6⤵
        Program crash
        
        PID:1928
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
        5⤵
        Program crash
        
        PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3523.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28111.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40109.exe
        7⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe
        8⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20514.exe
        9⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3500.exe
        10⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39925.exe
        11⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35037.exe
        12⤵
        
        PID:10920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8408 -s 220
        12⤵
        
        PID:11600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
        11⤵
        
        PID:9376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 216
        10⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 216
        9⤵
        
        PID:5272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 236
        8⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37622.exe
        7⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2231.exe
        8⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36810.exe
        9⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1305.exe
        10⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        11⤵
        
        PID:11100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
        12⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8432 -s 216
        11⤵
        
        PID:11736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 220
        10⤵
        
        PID:10180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
        9⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 216
        8⤵
        
        PID:5768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 240
        7⤵
        Program crash
        
        PID:4024
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 216
        6⤵
        Program crash
        
        PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51224.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37971.exe
        6⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34991.exe
        7⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53988.exe
        8⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49764.exe
        9⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        10⤵
        
        PID:11028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 216
        10⤵
        
        PID:11696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 236
        9⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
        8⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 216
        7⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6896.exe
        6⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35480.exe
        7⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13998.exe
        8⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33511.exe
        9⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-205.exe
        10⤵
        
        PID:11248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8576 -s 216
        10⤵
        
        PID:11368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
        9⤵
        
        PID:9544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 220
        8⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 216
        7⤵
        
        PID:5340
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 240
        6⤵
        Program crash
        
        PID:3184
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 240
        5⤵
        Program crash
        
        PID:1584
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2512
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2076
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20611.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20611.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32392.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32392.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16103.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17914.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9828.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17011.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47436.exe
        9⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26962.exe
        10⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3495.exe
        11⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54030.exe
        12⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54648.exe
        13⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 216
        12⤵
        
        PID:11416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 236
        11⤵
        
        PID:8568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 236
        10⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 216
        9⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2236.exe
        8⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10700.exe
        9⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64953.exe
        10⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
        11⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        12⤵
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-76.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-76.exe
        13⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8620 -s 216
        12⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 216
        11⤵
        
        PID:9512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
        10⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 236
        9⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
        8⤵
        Program crash
        
        PID:3708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 236
        7⤵
        Program crash
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51416.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-674.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5765.exe
        8⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
        9⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49769.exe
        10⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29811.exe
        11⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        12⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10465.exe
        13⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8828 -s 216
        12⤵
        
        PID:11704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6400 -s 220
        11⤵
        
        PID:9776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
        10⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 236
        9⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 216
        8⤵
        Program crash
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37046.exe
        7⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24790.exe
        8⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2213.exe
        9⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12042.exe
        10⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30097.exe
        11⤵
        
        PID:12184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8344 -s 236
        11⤵
        
        PID:12852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 216
        10⤵
        
        PID:10272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 220
        9⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 216
        8⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
        7⤵
        Program crash
        
        PID:4016
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 240
        6⤵
        Program crash
        
        PID:1020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28774.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13912.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59989.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20156.exe
        8⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37919.exe
        9⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13998.exe
        10⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54891.exe
        11⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65187.exe
        12⤵
        
        PID:10948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8996 -s 216
        12⤵
        
        PID:11380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 220
        11⤵
        
        PID:9924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 220
        10⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 236
        9⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54810.exe
        8⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56401.exe
        9⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53163.exe
        10⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        11⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27622.exe
        12⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
        11⤵
        
        PID:11768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
        10⤵
        
        PID:8428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 236
        9⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
        8⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51437.exe
        7⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57654.exe
        8⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34035.exe
        9⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30003.exe
        10⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39121.exe
        11⤵
        
        PID:11204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8720 -s 216
        11⤵
        
        PID:11652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 220
        10⤵
        
        PID:9632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
        9⤵
        
        PID:6900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 236
        8⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
        7⤵
        Program crash
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5313.exe
        6⤵
        Executes dropped EXE
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40384.exe
        7⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-970.exe
        8⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63391.exe
        9⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30003.exe
        10⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33283.exe
        11⤵
        
        PID:11020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8728 -s 220
        11⤵
        
        PID:11296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 216
        10⤵
        
        PID:9640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
        9⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 216
        8⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40419.exe
        7⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48233.exe
        8⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14444.exe
        8⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35924.exe
        9⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        10⤵
        
        PID:10800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9120 -s 216
        10⤵
        
        PID:11480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 220
        9⤵
        
        PID:10048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 220
        8⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 220
        7⤵
        
        PID:5036
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
        6⤵
        Program crash
        
        PID:1608
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
        5⤵
        Program crash
        
        PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59418.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48640.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48723.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17011.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30270.exe
        8⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46087.exe
        9⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5062.exe
        10⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41871.exe
        11⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39121.exe
        12⤵
        
        PID:10972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8496 -s 216
        12⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 216
        11⤵
        
        PID:9468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
        10⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 236
        9⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62978.exe
        8⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49193.exe
        9⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11528.exe
        10⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47097.exe
        11⤵
        
        PID:10612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 220
        11⤵
        
        PID:12200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 216
        10⤵
        
        PID:9680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
        9⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
        8⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30824.exe
        7⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
        8⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38503.exe
        9⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56453.exe
        10⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        11⤵
        
        PID:11044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8808 -s 216
        11⤵
        
        PID:11612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 220
        10⤵
        
        PID:9736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 216
        9⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 216
        8⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
        7⤵
        Program crash
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40123.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36492.exe
        7⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51432.exe
        8⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4460.exe
        9⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32224.exe
        10⤵
        
        PID:8288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8288 -s 220
        11⤵
        
        PID:9712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 220
        10⤵
        
        PID:10124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
        9⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 444 -s 216
        8⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 236
        7⤵
        Program crash
        
        PID:3460
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 240
        6⤵
        Program crash
        
        PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59584.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
        6⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7602.exe
        7⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33726.exe
        8⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40724.exe
        9⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47730.exe
        10⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15166.exe
        11⤵
        
        PID:11584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8628 -s 236
        11⤵
        
        PID:12708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 216
        10⤵
        
        PID:9788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
        9⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
        8⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 216
        7⤵
        
        PID:4924
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 216
        6⤵
        Program crash
        
        PID:3436
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 240
        5⤵
        Program crash
        
        PID:916
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11800.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56014.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56097.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30462.exe
        8⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34629.exe
        9⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43490.exe
        10⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58918.exe
        11⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6967.exe
        12⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55634.exe
        13⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 216
        12⤵
        
        PID:11400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 216
        11⤵
        
        PID:8520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
        10⤵
        
        PID:6188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 236
        9⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22931.exe
        8⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25016.exe
        9⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22546.exe
        10⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19796.exe
        11⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34420.exe
        12⤵
        
        PID:2236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 216
        11⤵
        
        PID:11460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 236
        10⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 236
        9⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 820 -s 240
        8⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31016.exe
        7⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49486.exe
        8⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38119.exe
        9⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17751.exe
        10⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15000.exe
        11⤵
        
        PID:10932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 220
        11⤵
        
        PID:12280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 216
        10⤵
        
        PID:9620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 216
        9⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 236
        8⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
        7⤵
        Program crash
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1421.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
        7⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        8⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13697.exe
        9⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32224.exe
        10⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24622.exe
        11⤵
        
        PID:11348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 236
        11⤵
        
        PID:12524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 220
        10⤵
        
        PID:10140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
        9⤵
        
        PID:7560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
        8⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 236
        7⤵
        Program crash
        
        PID:3764
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
        6⤵
        Program crash
        
        PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49470.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33539.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38630.exe
        7⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63793.exe
        8⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
        9⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52177.exe
        10⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
        11⤵
        
        PID:10768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8440 -s 216
        11⤵
        
        PID:11556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
        10⤵
        
        PID:9428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        9⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 236
        8⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 236
        7⤵
        Program crash
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26932.exe
        6⤵
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55625.exe
        7⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36557.exe
        8⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36609.exe
        9⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47481.exe
        10⤵
        
        PID:10308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8932 -s 216
        10⤵
        
        PID:11288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 216
        9⤵
        
        PID:9868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
        8⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 216
        7⤵
        
        PID:5444
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 220
        6⤵
        Program crash
        
        PID:3740
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 240
        5⤵
        Program crash
        
        PID:1136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49387.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60098.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52013.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62366.exe
        7⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
        8⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8946.exe
        9⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24222.exe
        10⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28659.exe
        11⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48467.exe
        12⤵
        
        PID:10772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 220
        12⤵
        
        PID:12064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
        11⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 236
        10⤵
        
        PID:6732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 236
        9⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48396.exe
        8⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5446.exe
        9⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9582.exe
        10⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39121.exe
        11⤵
        
        PID:11220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8664 -s 216
        11⤵
        
        PID:11672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 220
        10⤵
        
        PID:9576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
        9⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 220
        8⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
        7⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57846.exe
        8⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57444.exe
        9⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44715.exe
        10⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34757.exe
        11⤵
        
        PID:12260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8528 -s 236
        11⤵
        
        PID:12888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 216
        10⤵
        
        PID:10324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
        9⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
        8⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 240
        7⤵
        Program crash
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15858.exe
        6⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55158.exe
        7⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49678.exe
        8⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7885.exe
        9⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24575.exe
        10⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        11⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58104.exe
        12⤵
        
        PID:7356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 216
        11⤵
        
        PID:11744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
        10⤵
        
        PID:9180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 216
        9⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
        8⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 236
        7⤵
        
        PID:4648
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
        6⤵
        Program crash
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62874.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56144.exe
        6⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54089.exe
        7⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47732.exe
        8⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29048.exe
        9⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55706.exe
        10⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17653.exe
        11⤵
        
        PID:11656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9068 -s 236
        11⤵
        
        PID:12784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 216
        10⤵
        
        PID:10164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
        9⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
        8⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 236
        7⤵
        
        PID:4724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63881.exe
        6⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37426.exe
        7⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56510.exe
        8⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18353.exe
        9⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17741.exe
        10⤵
        
        PID:1360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7452 -s 220
        10⤵
        
        PID:12044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 216
        9⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 236
        8⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
        7⤵
        
        PID:4736
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 240
        6⤵
        Program crash
        
        PID:3424
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 240
        5⤵
        Program crash
        
        PID:2780
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
      4⤵
      Program crash
      PID:2176
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
  2⤵
  - Program crash
  PID:2684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10708.exe

Filesize
184KB

MD5
7bc85d840362580c2f8b01d07b487538

SHA1
bec1273f56113a668c805a98eff2969837334837

SHA256
76cb1d7210135de0ca20c5c0b37f6a46a14337e77678150aa403825df39c9e2e

SHA512
2bf148b5c3700f4fb0fbbca6798dc3d66c62bc4c62a475a01eaf9df6783304d72f84d6883de0eb36e186a83625c20db1a5ed7d914c808f1d54d66dd1d05619ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22484.exe

Filesize
184KB

MD5
a6f8c98e99dcadb4adf988bfded207be

SHA1
08138894696cf8b59512f8c4e3a2eefc7fd1eaae

SHA256
93e571bc515964fef44ea19d1d7783696c886ac35d7e4a03b84460ca25d2b0fa

SHA512
d7703781a08f50b9e977c7a59bc1c7ee1e37f52481d74b6682d5265546e94eaac93d647b56365ada00f181da9569a1c9cd0246db64e2bb4fc1e1378e34bd75ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28851.exe

Filesize
184KB

MD5
75af09a274be0e6592bf9f29b8a90a8f

SHA1
4b02639d31a30a66898e858f57986823d4add812

SHA256
f663cc542c4d43b1a49b1305bbad5fbfb022715b9a9f46fe5a118ea6597432f7

SHA512
47b1c418b372ea9c7123772c5c7b02c54e9c447879974cd5a6da83c72dab4fc2380a1f340c288668d205f5ecc8df0033db05bb619e8d88795081a64afa65d939

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32392.exe

Filesize
184KB

MD5
b8dc77732e3edaaa66f4e18422bde61d

SHA1
7355aa4cfaf63be72d45dd99644172e24cc1cf83

SHA256
9554f1392740b7ebc23732836075e4fd9159777562b91b13031bbdf8e1158f8a

SHA512
f0a2b09fc4e8e002a233b4f93111ac598117c5ace85024c838f93b8b52148a7f349c7b80a726eb35adda9727e5b5e21568c771f14e5de6417ec88bbfce8c0626

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33283.exe

Filesize
184KB

MD5
8ea169bc8e12b4cd9c8d6e9a30dae77a

SHA1
0f7d4bb20e52fe684cdc3192caa03e48e1c5c9d9

SHA256
94fbd960b1b2be9f2d658fea8d7911c0170118ba71e310544d44b15591dd037a

SHA512
4488f09f130c550a18b519e23e0ae112f0d018b36fd3b6e7814f2f45df5c944de16c0a5b9f1a865f085b2a07989557fa8709ac83899fe636daec46cc1000962b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36523.exe

Filesize
184KB

MD5
4962381844a4709218c46029b9338420

SHA1
e09c61e90c7b5b5661f47a0ffdc75d166f5afd90

SHA256
0d16b8c55b45dcf2a536899a31b1e6bcbfbd2b9abfd058c955ee4eaed33478d1

SHA512
459216ade73285d7b12f485cfb93edfa272a05c968e8a92f0ae9d3bb0fcb4799891f185534e5e28e687a708ea8784993da1d3ad73a3a305dfcc66900a042a2c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40123.exe

Filesize
184KB

MD5
522c3d9a3ae2d89bac5e80fe23916a9e

SHA1
4db8195ec0eaf59a475a7ad9a0c8dbfdfb6372fb

SHA256
1dd4299590a0deac0bc1197283c57afd3b8e92d2d2cc980db74ce74e27ce6348

SHA512
e776a6d884d035786f199d0bc10f175839d8006bfb095640cf8b5b5fe1cfa7f4d80dc4aa1a6358f9f34c6ebfa6290942be1ca0198f9ffc558e50db5478808682

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40477.exe

Filesize
184KB

MD5
23e9e282bd2d23c4fa316f01ac78e4ce

SHA1
b78bd9101f50c5c8b9cd3afdd9b26d79e91c1d17

SHA256
9481b7a138904050f1d01f7903696d1ba06efe359044de859c71b4cf7b19714a

SHA512
4811334fcf4ecce1f24cd6ed90969d0890f699a177bb13a180c3e14ea5c1bd66eaee38857ef8f269d2a966ecbeead1f2ff5aa8590251439ec661d62003fd65a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41515.exe

Filesize
184KB

MD5
825e248743aa2420174f331d10e0a46e

SHA1
3b93c6b56f82fa8bfffbed6cfc68985b9c31757f

SHA256
a59223cb0d0a1af36baca73c6e4538a9ae28ce8d16ad1b6b1fdb431dbfe5935f

SHA512
6a505eeb59771b3b678d3788d7e4828bd2e88234dc8a634a533d05b210b4f3c5ea75edf06cf48585145416f1d323d8378f7012d12722cc1b0e08baa724f0cbe2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5573.exe

Filesize
184KB

MD5
72f89ee5e850f47235a84fb0e26395fe

SHA1
19c3d820d55d5c6a3506e2181fd8c98f13a30292

SHA256
f745bc90e53ea096154bb2790bd9423bc2c2371588a2e9a0558be3bc5f31ff90

SHA512
9e9579c64b210f80176e9a6353f05ff22c84f440b86a84b03deb2a936478c78bb556c64a5499af05565372a02be773f3c92ece55ed4f9a7088aefecb449a9c5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5765.exe

Filesize
184KB

MD5
beb794d29b1ffac6fcd1698caaa9076a

SHA1
2e7dcd86cad9ff173e9d1c56252e72275cb30f5c

SHA256
42a25a87c6a12bfb92d48c7074e5eacc91411bfa8668fd6635352f7b645c7e35

SHA512
a977e25e6c0d1453d7b5f67f93aacefb95c249d3c9b2ba0d96c2db3fc00a8a17b2197ade48a60315ce9f5922c00d2f22f3d3588b241797224eb254f2922830e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9833.exe

Filesize
184KB

MD5
2c7ffad43cd685e55c32d277ea03d07e

SHA1
af73bea4776a731463e184f80979b18f4a7cdd74

SHA256
25ead37af89bf51108bdffe3e55c0442564857d7d841d0c9e3121ce28b1ac5ed

SHA512
a113b86e9b0e6113f026505bc0906c8eddfd896f4c961c43de7f33817448397c0570024bbc5a87485ed07f16847a710654e1838af4fbe2d366e36966fea24e80

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9937.exe

Filesize
184KB

MD5
61e74ddb3f83edcc68830adb17950aed

SHA1
b25447aae9dfa0e6b9aabb3829fcdba06099ba34

SHA256
7a89875f744d57f33f06e370f97349940d8d9df3230ead2dc39c505274125843

SHA512
21a09c278c3373d54d965cef2462d65785ebe5aaa3a4d1640840c7a6235c57e7ebd1609dca716736d5fe2ce29dc160d2a0f15e838cf4b7fe97def82cdc57f608

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11800.exe

Filesize
184KB

MD5
5c776f4c445ac28504edf9f3c32f9b96

SHA1
4588f1e380a1004a6697e77b2e4f5f43a538fc8e

SHA256
27fe5da3c47b5bda5074c1eabf5807098b6742c24c0f8b7036245a67549da6c2

SHA512
d69818f008bd90dbaa60123460f3a3ab5ee91b5aa524d53132d3d60bb2b197621b8ce817b4ac016b5c1050aa3b60c74226fdc26a8e7ed93316dc4f8491475a90

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13746.exe

Filesize
184KB

MD5
b8d43f1d28a76dc37c44ccc928321293

SHA1
16f5d0b28257d3d5df3240bf841cab48450645d2

SHA256
92f82937e6b26864936780085ff96f0fd65bba9535379bcedc98016bcac8dc35

SHA512
87163ba1b241a3519ad1268be9bfa6768bb2e9e4f37c1dca45f09bf7d743d6a7370c6fcd532be46e2f014a1076ed2d1ca5b7ec437d63be829874631fde849cbc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16103.exe

Filesize
184KB

MD5
887f4121df90728519d605158cafd783

SHA1
2934dac9a56301e726f0b65ad0ba9cb05c729fdc

SHA256
ab0da4dbdb21db1bd5b5cfbd8cb21eac93a5b29ea28cc00865090a08bdd137cd

SHA512
928ee17d009f7fa2d59d4f531859734324a0ba4334a7ff3b881a9dca72d3f4d12733c878eb745929df3d88b82e76c0b7a848a6ceccb63c44a69bcc77ee451b82

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18905.exe

Filesize
184KB

MD5
9cd7578ffbf607374571104dc568df49

SHA1
cbfa337b19e19ff7109b3ed5a5874f3396df4701

SHA256
fa9dc7f4b3e7266bf7e1a2bcdab5826e46c1638599730caedd18566fd9fd3cd8

SHA512
ec5647929b872832ae3014a3586895f64226c19669f2152a35d18e01214178b6855c8bfaf3a7c17aee4925cbc8fde7315d6a6035de2e0008c0300b9a6ff995ab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20611.exe

Filesize
184KB

MD5
15ffdb29935ff9e051a42d0d0641fead

SHA1
f2c7ced338cd728f269c972a8503a4b4445ecf1c

SHA256
604ef60dda8dcb0aa1163bc5e1be1b738454be22d4f314a2490a905a965c57a6

SHA512
348410b4cf5a7a7580719361db0c7f4be2432538515ab689f507622ebf882336906eb7a8d060a36014d7e732045066f12fccdba7f598eddabcfdeeb3afd908eb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe

Filesize
184KB

MD5
8552674fec2e86c86f1aff64267c2eba

SHA1
3f001ca1908bc8ab3dac762ec3cfed9672e3b0bf

SHA256
a7710c7ae109a585f235686df2e38ba2a6c06aacf93a5fbdf8d584222f6ffad0

SHA512
cd89ede0b07f99fd48ea2ce3439ab20b14cb434ee6449d1043d049fcde8cf8e62bb1c1dc28c67de8685de05c6cfcdde1686f3f3b8c31fb04c68e58dda69b6d28

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51421.exe

Filesize
184KB

MD5
62ac893dbf5113391cb960ff4161c58a

SHA1
90d27f6e6b5151acf4fb8802c96411de55d8f9c2

SHA256
15f2d5b1ef77e0bd3b689bf9ab1fd945f35cae5fc3939491835bc7b72fa5d93f

SHA512
c4c2626fd21a4c7e070090c8507168a1ee3c9dd280611bbc40344a21d5f7c27e03d3c91c41fc975b021d57af7f4348b89c388ea70d67bb6ae21d98806d305e62

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51468.exe

Filesize
184KB

MD5
d584b4eead879b31bfb05ce089bba005

SHA1
38c4c041e6fa8cfaa4d9f37024c8f942e7582bb8

SHA256
b9d1291bba5e1ceb68d449f94d0a5b0693e56a082d10bdda05a0aa24201b78e8

SHA512
c1e7a5085f78fde23889067085690992f372ab3332ce0ca616c8a2e4f120f9ab9ae38a63c3559af42ff7da42371a93525c904606528b3b1b401690b6cb41ebc8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5796.exe

Filesize
184KB

MD5
f79884cee2d792f9757d09eebfdef8c4

SHA1
0b3d88e5940908f8bce83ba9a53e99ebc0438a61

SHA256
5e8c67d7de07ea024158fb76941c88edace2e56d3dc1eb5b521788a957a25b82

SHA512
d543560000095c789b190ccaf6b0201e97acaceaaa63fec2be8db9e99e7a7fcd44ff6cc5dedd5c91bc4d474f9419beaf6bf77ae2d8567e508fb40dc7274b4174

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59418.exe

Filesize
184KB

MD5
7526b8345dd64f1f536bcbd459514d06

SHA1
04f80e82f7fd6a02b588296a75db8bc8afecdda4

SHA256
95df76628dfa915feaa96d97aba3ac1044201cbd8c20fa950a12f5e6efccf100

SHA512
5ad86e9564478e7e53ffbf47f49a850b6d9dc8db8b221a9089618e066f59b69caaa5045f7f64c510e65c1bd9de902566815fcd577724d82bb3a1fb57384749f6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe

Filesize
184KB

MD5
ecf2da654f6f2d924c0040eef1c2bb50

SHA1
70ee4a6304dedb58e17e9f5a4eaaf539b245a6f6

SHA256
50bfd31429700ebf14ef5bfc6ef6fb43a9c50ccfeaffdf8dac9c01e0fbde8317

SHA512
55305fa1a97402a965156dad79411bf4bab425fcc403cde0f5cc8591e19894d34ce8185ed5b2e15950ac62d6b76ed088f48df514fe477ca6b99efa6c508db833

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads