0605b7a2a147de7154c3762dae42b412b86647a14e01e4c7a44b424298cf3aeb

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 18:14 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0605b7a2a147de7154c3762dae42b412b86647a14e01e4c7a44b424298cf3aeb.exe
Size

184KB
MD5

95f238d98d0da7d40b2a8c93dfe97652
SHA1

2d32d3f61b153c5aa612049c77665d39034f4e9b
SHA256

0605b7a2a147de7154c3762dae42b412b86647a14e01e4c7a44b424298cf3aeb
SHA512

1afa3b71a0088daede7521ed1fc437409ddd9a5a7b97b9dc7923adbe7f56233e277b851d56f3ceba98ea3ff7a8664fab83f38a6c8c1a9011209532412735a907
SSDEEP

3072:xN9yY8ofuRhTdFaWeA7LRpsUhlnViFFn3:xNEoWJFa8LHsUhlnViFF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3024	Unicorn-29571.exe
2572	Unicorn-21486.exe
2672	Unicorn-36430.exe
2488	Unicorn-54952.exe
320	Unicorn-40007.exe
2796	Unicorn-40007.exe
1972	Unicorn-61579.exe
2812	Unicorn-4210.exe
2696	Unicorn-49882.exe
1708	Unicorn-39021.exe
1672	Unicorn-53966.exe
772	Unicorn-22768.exe
1456	Unicorn-37712.exe
1800	Unicorn-43188.exe
2196	Unicorn-16546.exe
1320	Unicorn-32258.exe
2328	Unicorn-52124.exe
992	Unicorn-36342.exe
1508	Unicorn-56208.exe
448	Unicorn-18767.exe
2244	Unicorn-53577.exe
1792	Unicorn-2985.exe
1360	Unicorn-35871.exe
1728	Unicorn-50816.exe
1332	Unicorn-48123.exe
1328	Unicorn-17397.exe
2044	Unicorn-63068.exe
2324	Unicorn-25565.exe
2120	Unicorn-40509.exe
1528	Unicorn-60375.exe
2316	Unicorn-44594.exe
1824	Unicorn-64459.exe
3056	Unicorn-28087.exe
2620	Unicorn-12305.exe
3000	Unicorn-6296.exe
2596	Unicorn-21241.exe
2496	Unicorn-41107.exe
1816	Unicorn-14464.exe
1992	Unicorn-29409.exe
2848	Unicorn-18549.exe
1060	Unicorn-61527.exe
2948	Unicorn-45746.exe
2452	Unicorn-4158.exe
2712	Unicorn-53914.exe
640	Unicorn-51221.exe
1444	Unicorn-28663.exe
2252	Unicorn-28663.exe
2012	Unicorn-63473.exe
2900	Unicorn-32747.exe
2116	Unicorn-47692.exe
2896	Unicorn-47692.exe
1072	Unicorn-12565.exe
2068	Unicorn-31594.exe
3032	Unicorn-6343.exe
856	Unicorn-49877.exe
2208	Unicorn-36878.exe
1132	Unicorn-55907.exe
1876	Unicorn-14319.exe
1712	Unicorn-14319.exe
2864	Unicorn-14319.exe
1968	Unicorn-49130.exe
2888	Unicorn-2622.exe
2760	Unicorn-22488.exe
2220	Unicorn-37432.exe

Loads dropped DLL 64 IoCs

pid	Process
2396	0605b7a2a147de7154c3762dae42b412b86647a14e01e4c7a44b424298cf3aeb.exe
2396	0605b7a2a147de7154c3762dae42b412b86647a14e01e4c7a44b424298cf3aeb.exe
3024	Unicorn-29571.exe
3024	Unicorn-29571.exe
2396	0605b7a2a147de7154c3762dae42b412b86647a14e01e4c7a44b424298cf3aeb.exe
2396	0605b7a2a147de7154c3762dae42b412b86647a14e01e4c7a44b424298cf3aeb.exe
2572	Unicorn-21486.exe
2672	Unicorn-36430.exe
2672	Unicorn-36430.exe
3024	Unicorn-29571.exe
2572	Unicorn-21486.exe
3024	Unicorn-29571.exe
2516	WerFault.exe
2516	WerFault.exe
2516	WerFault.exe
2516	WerFault.exe
2516	WerFault.exe
2488	Unicorn-54952.exe
2488	Unicorn-54952.exe
2572	Unicorn-21486.exe
320	Unicorn-40007.exe
320	Unicorn-40007.exe
2572	Unicorn-21486.exe
2796	Unicorn-40007.exe
2796	Unicorn-40007.exe
2672	Unicorn-36430.exe
2672	Unicorn-36430.exe
1640	WerFault.exe
1640	WerFault.exe
1660	WerFault.exe
1660	WerFault.exe
1660	WerFault.exe
1660	WerFault.exe
1640	WerFault.exe
1640	WerFault.exe
1640	WerFault.exe
1660	WerFault.exe
1972	Unicorn-61579.exe
1972	Unicorn-61579.exe
2488	Unicorn-54952.exe
2488	Unicorn-54952.exe
2696	Unicorn-49882.exe
2696	Unicorn-49882.exe
2812	Unicorn-4210.exe
2812	Unicorn-4210.exe
1672	Unicorn-53966.exe
320	Unicorn-40007.exe
1672	Unicorn-53966.exe
320	Unicorn-40007.exe
2796	Unicorn-40007.exe
2796	Unicorn-40007.exe
1708	Unicorn-39021.exe
1708	Unicorn-39021.exe
624	WerFault.exe
624	WerFault.exe
624	WerFault.exe
624	WerFault.exe
624	WerFault.exe
1344	WerFault.exe
1344	WerFault.exe
1344	WerFault.exe
1344	WerFault.exe
1344	WerFault.exe
1960	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2472	2396	WerFault.exe	27
2516	3024	WerFault.exe	28
1660	2572	WerFault.exe	29
1640	2672	WerFault.exe	30
624	2488	WerFault.exe	34
1344	320	WerFault.exe	32
1960	2796	WerFault.exe	33
2752	1972	WerFault.exe	36
2228	2696	WerFault.exe	37
2676	2812	WerFault.exe	38
3036	1672	WerFault.exe	40
900	1708	WerFault.exe	39
1172	1456	WerFault.exe	44
764	772	WerFault.exe	43
1108	1800	WerFault.exe	45
1576	2196	WerFault.exe	46
1608	1320	WerFault.exe	48
2064	2328	WerFault.exe	47
1848	992	WerFault.exe	49
1664	1508	WerFault.exe	50
2144	448	WerFault.exe	54
2528	1792	WerFault.exe	56
2508	2244	WerFault.exe	55
1956	1360	WerFault.exe	57
1468	1728	WerFault.exe	58
2248	1332	WerFault.exe	59
1356	1328	WerFault.exe	60
536	2044	WerFault.exe	61
1400	1528	WerFault.exe	64
2272	2316	WerFault.exe	65
1696	2120	WerFault.exe	63
2072	1824	WerFault.exe	66
3260	3056	WerFault.exe	69
3288	2620	WerFault.exe	70
3600	3000	WerFault.exe	73
3672	2496	WerFault.exe	76
3680	1060	WerFault.exe	80
3696	2596	WerFault.exe	75
3720	1816	WerFault.exe	77
3800	2848	WerFault.exe	79
3812	2452	WerFault.exe	82
3852	2948	WerFault.exe	81
3968	2712	WerFault.exe	83
3996	2012	WerFault.exe	87
3988	2900	WerFault.exe	88
3136	640	WerFault.exe	84
3248	1444	WerFault.exe	85
3480	1992	WerFault.exe	78
3608	2252	WerFault.exe	86
3104	2896	WerFault.exe	90
3424	1072	WerFault.exe	94
3332	856	WerFault.exe	102
4048	2116	WerFault.exe	89
2664	2068	WerFault.exe	95
3352	3032	WerFault.exe	101
4092	1132	WerFault.exe	104
3596	2208	WerFault.exe	103
3844	3048	WerFault.exe	122
4004	560	WerFault.exe	124
3208	2892	WerFault.exe	121
3808	1340	WerFault.exe	130
4128	2220	WerFault.exe	111
4136	1712	WerFault.exe	105
4168	2864	WerFault.exe	107

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2396	0605b7a2a147de7154c3762dae42b412b86647a14e01e4c7a44b424298cf3aeb.exe
3024	Unicorn-29571.exe
2572	Unicorn-21486.exe
2672	Unicorn-36430.exe
2488	Unicorn-54952.exe
2796	Unicorn-40007.exe
320	Unicorn-40007.exe
1972	Unicorn-61579.exe
2696	Unicorn-49882.exe
2812	Unicorn-4210.exe
1672	Unicorn-53966.exe
1708	Unicorn-39021.exe
772	Unicorn-22768.exe
1456	Unicorn-37712.exe
1800	Unicorn-43188.exe
2196	Unicorn-16546.exe
1320	Unicorn-32258.exe
2328	Unicorn-52124.exe
992	Unicorn-36342.exe
1508	Unicorn-56208.exe
448	Unicorn-18767.exe
2244	Unicorn-53577.exe
1792	Unicorn-2985.exe
1360	Unicorn-35871.exe
1728	Unicorn-50816.exe
1332	Unicorn-48123.exe
1328	Unicorn-17397.exe
2044	Unicorn-63068.exe
2324	Unicorn-25565.exe
2120	Unicorn-40509.exe
1528	Unicorn-60375.exe
2316	Unicorn-44594.exe
1824	Unicorn-64459.exe
3056	Unicorn-28087.exe
2620	Unicorn-12305.exe
2596	Unicorn-21241.exe
3000	Unicorn-6296.exe
2496	Unicorn-41107.exe
1816	Unicorn-14464.exe
1992	Unicorn-29409.exe
2848	Unicorn-18549.exe
1060	Unicorn-61527.exe
2948	Unicorn-45746.exe
2452	Unicorn-4158.exe
2712	Unicorn-53914.exe
640	Unicorn-51221.exe
2252	Unicorn-28663.exe
1444	Unicorn-28663.exe
2012	Unicorn-63473.exe
2900	Unicorn-32747.exe
2896	Unicorn-47692.exe
2116	Unicorn-47692.exe
1072	Unicorn-12565.exe
2068	Unicorn-31594.exe
3032	Unicorn-6343.exe
856	Unicorn-49877.exe
2208	Unicorn-36878.exe
1712	Unicorn-14319.exe
1876	Unicorn-14319.exe
2864	Unicorn-14319.exe
1968	Unicorn-49130.exe
2220	Unicorn-37432.exe
2968	Unicorn-61382.exe
2888	Unicorn-2622.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 3024	2396	0605b7a2a147de7154c3762dae42b412b86647a14e01e4c7a44b424298cf3aeb.exe	28
PID 2396 wrote to memory of 3024	2396	0605b7a2a147de7154c3762dae42b412b86647a14e01e4c7a44b424298cf3aeb.exe	28
PID 2396 wrote to memory of 3024	2396	0605b7a2a147de7154c3762dae42b412b86647a14e01e4c7a44b424298cf3aeb.exe	28
PID 2396 wrote to memory of 3024	2396	0605b7a2a147de7154c3762dae42b412b86647a14e01e4c7a44b424298cf3aeb.exe	28
PID 3024 wrote to memory of 2572	3024	Unicorn-29571.exe	29
PID 3024 wrote to memory of 2572	3024	Unicorn-29571.exe	29
PID 3024 wrote to memory of 2572	3024	Unicorn-29571.exe	29
PID 3024 wrote to memory of 2572	3024	Unicorn-29571.exe	29
PID 2396 wrote to memory of 2672	2396	0605b7a2a147de7154c3762dae42b412b86647a14e01e4c7a44b424298cf3aeb.exe	30
PID 2396 wrote to memory of 2672	2396	0605b7a2a147de7154c3762dae42b412b86647a14e01e4c7a44b424298cf3aeb.exe	30
PID 2396 wrote to memory of 2672	2396	0605b7a2a147de7154c3762dae42b412b86647a14e01e4c7a44b424298cf3aeb.exe	30
PID 2396 wrote to memory of 2672	2396	0605b7a2a147de7154c3762dae42b412b86647a14e01e4c7a44b424298cf3aeb.exe	30
PID 2396 wrote to memory of 2472	2396	0605b7a2a147de7154c3762dae42b412b86647a14e01e4c7a44b424298cf3aeb.exe	31
PID 2396 wrote to memory of 2472	2396	0605b7a2a147de7154c3762dae42b412b86647a14e01e4c7a44b424298cf3aeb.exe	31
PID 2396 wrote to memory of 2472	2396	0605b7a2a147de7154c3762dae42b412b86647a14e01e4c7a44b424298cf3aeb.exe	31
PID 2396 wrote to memory of 2472	2396	0605b7a2a147de7154c3762dae42b412b86647a14e01e4c7a44b424298cf3aeb.exe	31
PID 2672 wrote to memory of 2796	2672	Unicorn-36430.exe	33
PID 2672 wrote to memory of 2796	2672	Unicorn-36430.exe	33
PID 2672 wrote to memory of 2796	2672	Unicorn-36430.exe	33
PID 2672 wrote to memory of 2796	2672	Unicorn-36430.exe	33
PID 2572 wrote to memory of 320	2572	Unicorn-21486.exe	32
PID 2572 wrote to memory of 320	2572	Unicorn-21486.exe	32
PID 2572 wrote to memory of 320	2572	Unicorn-21486.exe	32
PID 2572 wrote to memory of 320	2572	Unicorn-21486.exe	32
PID 3024 wrote to memory of 2488	3024	Unicorn-29571.exe	34
PID 3024 wrote to memory of 2488	3024	Unicorn-29571.exe	34
PID 3024 wrote to memory of 2488	3024	Unicorn-29571.exe	34
PID 3024 wrote to memory of 2488	3024	Unicorn-29571.exe	34
PID 3024 wrote to memory of 2516	3024	Unicorn-29571.exe	35
PID 3024 wrote to memory of 2516	3024	Unicorn-29571.exe	35
PID 3024 wrote to memory of 2516	3024	Unicorn-29571.exe	35
PID 3024 wrote to memory of 2516	3024	Unicorn-29571.exe	35
PID 2488 wrote to memory of 1972	2488	Unicorn-54952.exe	36
PID 2488 wrote to memory of 1972	2488	Unicorn-54952.exe	36
PID 2488 wrote to memory of 1972	2488	Unicorn-54952.exe	36
PID 2488 wrote to memory of 1972	2488	Unicorn-54952.exe	36
PID 320 wrote to memory of 2812	320	Unicorn-40007.exe	38
PID 320 wrote to memory of 2812	320	Unicorn-40007.exe	38
PID 320 wrote to memory of 2812	320	Unicorn-40007.exe	38
PID 320 wrote to memory of 2812	320	Unicorn-40007.exe	38
PID 2572 wrote to memory of 2696	2572	Unicorn-21486.exe	37
PID 2572 wrote to memory of 2696	2572	Unicorn-21486.exe	37
PID 2572 wrote to memory of 2696	2572	Unicorn-21486.exe	37
PID 2572 wrote to memory of 2696	2572	Unicorn-21486.exe	37
PID 2796 wrote to memory of 1708	2796	Unicorn-40007.exe	39
PID 2796 wrote to memory of 1708	2796	Unicorn-40007.exe	39
PID 2796 wrote to memory of 1708	2796	Unicorn-40007.exe	39
PID 2796 wrote to memory of 1708	2796	Unicorn-40007.exe	39
PID 2672 wrote to memory of 1672	2672	Unicorn-36430.exe	40
PID 2672 wrote to memory of 1672	2672	Unicorn-36430.exe	40
PID 2672 wrote to memory of 1672	2672	Unicorn-36430.exe	40
PID 2672 wrote to memory of 1672	2672	Unicorn-36430.exe	40
PID 2672 wrote to memory of 1640	2672	Unicorn-36430.exe	41
PID 2672 wrote to memory of 1640	2672	Unicorn-36430.exe	41
PID 2672 wrote to memory of 1640	2672	Unicorn-36430.exe	41
PID 2672 wrote to memory of 1640	2672	Unicorn-36430.exe	41
PID 2572 wrote to memory of 1660	2572	Unicorn-21486.exe	42
PID 2572 wrote to memory of 1660	2572	Unicorn-21486.exe	42
PID 2572 wrote to memory of 1660	2572	Unicorn-21486.exe	42
PID 2572 wrote to memory of 1660	2572	Unicorn-21486.exe	42
PID 1972 wrote to memory of 772	1972	Unicorn-61579.exe	43
PID 1972 wrote to memory of 772	1972	Unicorn-61579.exe	43
PID 1972 wrote to memory of 772	1972	Unicorn-61579.exe	43
PID 1972 wrote to memory of 772	1972	Unicorn-61579.exe	43

C:\Users\Admin\AppData\Local\Temp\0605b7a2a147de7154c3762dae42b412b86647a14e01e4c7a44b424298cf3aeb.exe
"C:\Users\Admin\AppData\Local\Temp\0605b7a2a147de7154c3762dae42b412b86647a14e01e4c7a44b424298cf3aeb.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29571.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29571.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21486.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21486.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40007.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4210.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16546.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48123.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61527.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49130.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44143.exe
        10⤵
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19914.exe
        11⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-728.exe
        12⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48440.exe
        13⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15683.exe
        14⤵
        
        PID:13216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9624 -s 220
        14⤵
        
        PID:13428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 216
        13⤵
        
        PID:11236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
        12⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 216
        11⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51195.exe
        10⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12643.exe
        11⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27470.exe
        12⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        13⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53534.exe
        14⤵
        
        PID:14156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11680 -s 216
        14⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8648 -s 236
        13⤵
        
        PID:11592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
        11⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 240
        10⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63172.exe
        9⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32166.exe
        10⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
        11⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        12⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-578.exe
        13⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28755.exe
        14⤵
        
        PID:13624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11260 -s 220
        14⤵
        
        PID:13456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8844 -s 216
        13⤵
        
        PID:11608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 216
        12⤵
        
        PID:9896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
        11⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 236
        10⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 240
        9⤵
        Program crash
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37432.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48227.exe
        9⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39540.exe
        10⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47319.exe
        11⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32042.exe
        12⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3287.exe
        13⤵
        
        PID:12728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
        14⤵
        
        PID:7244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10152 -s 216
        13⤵
        
        PID:12488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 216
        12⤵
        
        PID:11056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
        11⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
        9⤵
        Program crash
        
        PID:4128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 240
        8⤵
        Program crash
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45746.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34740.exe
        8⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43567.exe
        9⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26245.exe
        10⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2482.exe
        11⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21912.exe
        12⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46790.exe
        13⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
        14⤵
        
        PID:13800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10332 -s 216
        14⤵
        
        PID:14212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 216
        13⤵
        
        PID:11908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
        12⤵
        
        PID:9124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
        11⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 236
        10⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23784.exe
        9⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12980.exe
        10⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18451.exe
        11⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6608.exe
        12⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62413.exe
        13⤵
        
        PID:14012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11032 -s 216
        13⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 236
        12⤵
        
        PID:12236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
        11⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
        10⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
        9⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27785.exe
        8⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3686.exe
        9⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59851.exe
        10⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17828.exe
        11⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63894.exe
        12⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46632.exe
        13⤵
        
        PID:13760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10368 -s 216
        13⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7340 -s 216
        12⤵
        
        PID:11920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
        11⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
        10⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
        9⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 240
        8⤵
        Program crash
        
        PID:3852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
        7⤵
        Program crash
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63068.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51221.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43676.exe
        8⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        9⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28274.exe
        10⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48414.exe
        11⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17740.exe
        12⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65368.exe
        13⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38397.exe
        14⤵
        
        PID:13996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11940 -s 236
        14⤵
        
        PID:9708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8288 -s 216
        13⤵
        
        PID:12952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
        11⤵
        
        PID:3860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 216
        10⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55471.exe
        9⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12643.exe
        10⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62280.exe
        11⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9478.exe
        12⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4058.exe
        13⤵
        
        PID:13860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10832 -s 216
        13⤵
        
        PID:9092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8636 -s 216
        12⤵
        
        PID:11672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
        11⤵
        
        PID:9540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
        10⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
        9⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56374.exe
        8⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3961.exe
        9⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46660.exe
        10⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
        11⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17486.exe
        12⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        13⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9284 -s 216
        12⤵
        
        PID:13036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 216
        11⤵
        
        PID:10436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 236
        10⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 216
        9⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 240
        8⤵
        Program crash
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27894.exe
        7⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3940.exe
        8⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62721.exe
        9⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1730.exe
        10⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53479.exe
        11⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26041.exe
        12⤵
        
        PID:14104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11200 -s 216
        12⤵
        
        PID:14096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 236
        11⤵
        
        PID:12244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 236
        10⤵
        
        PID:8300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 236
        9⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 216
        8⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
        7⤵
        Program crash
        
        PID:536
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
        6⤵
        Program crash
        
        PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32258.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17397.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4158.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30656.exe
        8⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29177.exe
        9⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30604.exe
        10⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11849.exe
        11⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        12⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62794.exe
        13⤵
        
        PID:12536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9320 -s 216
        13⤵
        
        PID:12352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
        12⤵
        
        PID:10448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
        11⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 216
        10⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27074.exe
        9⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13987.exe
        10⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        11⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54242.exe
        12⤵
        
        PID:11280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 216
        12⤵
        
        PID:13068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
        11⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
        10⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
        9⤵
        
        PID:5532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
        8⤵
        Program crash
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14874.exe
        7⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27868.exe
        8⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2674.exe
        9⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49623.exe
        10⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35929.exe
        11⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38376.exe
        12⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11188 -s 220
        12⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8372 -s 216
        11⤵
        
        PID:11828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
        10⤵
        
        PID:9272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
        9⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 216
        8⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 240
        7⤵
        Program crash
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53914.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55928.exe
        7⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63255.exe
        8⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6758.exe
        9⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34595.exe
        10⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25083.exe
        11⤵
        
        PID:11000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48599.exe
        12⤵
        
        PID:14076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11000 -s 216
        12⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 236
        11⤵
        
        PID:12196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
        10⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
        9⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 216
        8⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13971.exe
        7⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24190.exe
        8⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33064.exe
        9⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25332.exe
        10⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62379.exe
        11⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53150.exe
        12⤵
        
        PID:14068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11400 -s 220
        12⤵
        
        PID:8820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8748 -s 216
        11⤵
        
        PID:12116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
        10⤵
        
        PID:9592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
        9⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 216
        8⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
        7⤵
        Program crash
        
        PID:3968
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 240
        6⤵
        Program crash
        
        PID:1608
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49882.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43188.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35871.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14464.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22488.exe
        8⤵
        Executes dropped EXE
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37921.exe
        9⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40526.exe
        10⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51875.exe
        11⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37496.exe
        12⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25654.exe
        13⤵
        
        PID:11812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9392 -s 216
        13⤵
        
        PID:13052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
        11⤵
        
        PID:7608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 236
        10⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
        9⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18866.exe
        10⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34678.exe
        11⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37527.exe
        12⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55397.exe
        13⤵
        
        PID:6900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11020 -s 220
        13⤵
        
        PID:14312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8360 -s 216
        12⤵
        
        PID:11552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
        11⤵
        
        PID:9264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
        10⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 220
        9⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22139.exe
        8⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
        9⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58720.exe
        10⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1211.exe
        11⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62379.exe
        12⤵
        
        PID:11412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51121.exe
        13⤵
        
        PID:13900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11412 -s 216
        13⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8976 -s 216
        12⤵
        
        PID:12124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 236
        11⤵
        
        PID:10076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
        10⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 236
        9⤵
        
        PID:5272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 240
        8⤵
        Program crash
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6706.exe
        7⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37921.exe
        8⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37812.exe
        9⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17688.exe
        10⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51180.exe
        11⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3894.exe
        12⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41801.exe
        13⤵
        
        PID:14044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10876 -s 216
        13⤵
        
        PID:14092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8404 -s 216
        12⤵
        
        PID:12212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 216
        11⤵
        
        PID:10084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
        10⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 236
        9⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26882.exe
        8⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60666.exe
        9⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47973.exe
        10⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33272.exe
        11⤵
        
        PID:11984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24007.exe
        12⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11984 -s 236
        12⤵
        
        PID:9836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8660 -s 216
        11⤵
        
        PID:13028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
        10⤵
        
        PID:9244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
        9⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 220
        8⤵
        
        PID:5352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 240
        7⤵
        Program crash
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56395.exe
        8⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34880.exe
        9⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8232.exe
        10⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54408.exe
        11⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65267.exe
        12⤵
        
        PID:12332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9316 -s 220
        12⤵
        
        PID:13532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
        10⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 236
        9⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 236
        8⤵
        Program crash
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40613.exe
        7⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63852.exe
        8⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26515.exe
        9⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62384.exe
        10⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58902.exe
        11⤵
        
        PID:12444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9636 -s 216
        11⤵
        
        PID:13212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
        10⤵
        
        PID:10660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 216
        9⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 216
        8⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 220
        7⤵
        Program crash
        
        PID:3480
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 240
        6⤵
        Program crash
        
        PID:1108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50816.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18549.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61382.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
        8⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21476.exe
        9⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60090.exe
        10⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16588.exe
        11⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34367.exe
        12⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30592.exe
        13⤵
        
        PID:14088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11444 -s 220
        13⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8520 -s 216
        12⤵
        
        PID:12144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 216
        11⤵
        
        PID:9484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 236
        9⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        8⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5435.exe
        9⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        10⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16431.exe
        10⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39577.exe
        11⤵
        
        PID:12136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17925.exe
        12⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8932 -s 216
        11⤵
        
        PID:12704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 220
        10⤵
        
        PID:9452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 236
        9⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
        8⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61034.exe
        7⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60370.exe
        8⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47599.exe
        9⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51694.exe
        10⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27600.exe
        11⤵
        
        PID:12320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3726.exe
        12⤵
        
        PID:9408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9456 -s 216
        11⤵
        
        PID:13112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 236
        10⤵
        
        PID:10576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
        9⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
        8⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
        7⤵
        Program crash
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45601.exe
        6⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29753.exe
        7⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40526.exe
        8⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43370.exe
        9⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58196.exe
        10⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52649.exe
        11⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55096.exe
        12⤵
        
        PID:14152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11568 -s 216
        12⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8624 -s 216
        11⤵
        
        PID:12268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 216
        10⤵
        
        PID:9532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
        9⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 216
        8⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
        7⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23635.exe
        8⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51315.exe
        9⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19245.exe
        10⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7758.exe
        11⤵
        
        PID:14292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10328 -s 216
        11⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 236
        10⤵
        
        PID:11408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 216
        9⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
        8⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
        7⤵
        
        PID:4784
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
        6⤵
        Program crash
        
        PID:1468
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
        5⤵
        Program crash
        
        PID:2228
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54952.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54952.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61579.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22768.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53577.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41107.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5886.exe
        9⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59706.exe
        10⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23687.exe
        11⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
        12⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7950.exe
        13⤵
        
        PID:14216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11192 -s 216
        13⤵
        
        PID:14136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8216 -s 216
        12⤵
        
        PID:11564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
        11⤵
        
        PID:8956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
        10⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 236
        9⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 216
        8⤵
        Program crash
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2622.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37921.exe
        8⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41896.exe
        9⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58144.exe
        10⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
        11⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60625.exe
        12⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51121.exe
        13⤵
        
        PID:13928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11212 -s 216
        13⤵
        
        PID:13656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8280 -s 216
        12⤵
        
        PID:11748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
        11⤵
        
        PID:9236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
        10⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 236
        9⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30966.exe
        8⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60090.exe
        9⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34678.exe
        10⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56001.exe
        11⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28947.exe
        12⤵
        
        PID:14324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10768 -s 216
        12⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8324 -s 216
        11⤵
        
        PID:10376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 216
        10⤵
        
        PID:9256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
        9⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 220
        8⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
        7⤵
        Program crash
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21241.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21585.exe
        8⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53354.exe
        9⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64.exe
        10⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43801.exe
        11⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3287.exe
        12⤵
        
        PID:12720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9476 -s 236
        12⤵
        
        PID:12464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 216
        11⤵
        
        PID:10428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
        10⤵
        
        PID:7208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 216
        9⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 236
        8⤵
        Program crash
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36529.exe
        7⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56431.exe
        8⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
        9⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
        10⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3814.exe
        11⤵
        
        PID:12384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9584 -s 216
        11⤵
        
        PID:13560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 216
        10⤵
        
        PID:10472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 236
        9⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
        8⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 220
        7⤵
        Program crash
        
        PID:3696
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 240
        6⤵
        Program crash
        
        PID:764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2985.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6296.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36878.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28793.exe
        8⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42197.exe
        9⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4044.exe
        10⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16785.exe
        11⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
        12⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
        13⤵
        
        PID:11788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 236
        13⤵
        
        PID:12900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
        12⤵
        
        PID:10460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
        11⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
        10⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 236
        9⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57142.exe
        8⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34771.exe
        9⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2046.exe
        10⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26946.exe
        11⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22476.exe
        12⤵
        
        PID:13852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10412 -s 216
        12⤵
        
        PID:14332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7356 -s 216
        11⤵
        
        PID:11972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        10⤵
        
        PID:9116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
        9⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
        8⤵
        Program crash
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13011.exe
        7⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46281.exe
        8⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8128.exe
        9⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29997.exe
        10⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 220
        11⤵
        
        PID:10616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
        10⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 236
        9⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 236
        8⤵
        
        PID:4948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
        7⤵
        Program crash
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55907.exe
        6⤵
        Executes dropped EXE
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        7⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23723.exe
        8⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10266.exe
        9⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41865.exe
        10⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60521.exe
        11⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64499.exe
        12⤵
        
        PID:12904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3342.exe
        13⤵
        
        PID:9876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10168 -s 216
        12⤵
        
        PID:12520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 216
        11⤵
        
        PID:10508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 236
        10⤵
        
        PID:8264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 236
        9⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 236
        8⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38667.exe
        7⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18435.exe
        8⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49649.exe
        9⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61844.exe
        10⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        11⤵
        
        PID:12780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 216
        11⤵
        
        PID:13784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 216
        10⤵
        
        PID:11664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
        9⤵
        
        PID:8020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
        8⤵
        
        PID:6092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 240
        7⤵
        Program crash
        
        PID:4092
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 240
        6⤵
        Program crash
        
        PID:2528
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
        5⤵
        Program crash
        
        PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37712.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18767.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28087.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12565.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4480.exe
        8⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3494.exe
        9⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39047.exe
        10⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63847.exe
        11⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51777.exe
        12⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64740.exe
        13⤵
        
        PID:12616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9916 -s 216
        13⤵
        
        PID:12440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 220
        12⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 236
        11⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
        10⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
        9⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18439.exe
        8⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41102.exe
        9⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61709.exe
        10⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27574.exe
        11⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34014.exe
        12⤵
        
        PID:12652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9608 -s 216
        12⤵
        
        PID:12432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 216
        11⤵
        
        PID:10652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
        10⤵
        
        PID:8120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 236
        9⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 240
        8⤵
        Program crash
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19425.exe
        7⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38305.exe
        8⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14459.exe
        9⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34683.exe
        10⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32295.exe
        11⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7898.exe
        12⤵
        
        PID:12456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9448 -s 216
        12⤵
        
        PID:13568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 216
        11⤵
        
        PID:11208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 216
        10⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
        9⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44371.exe
        8⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34491.exe
        9⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11621.exe
        10⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57270.exe
        11⤵
        
        PID:13160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10040 -s 216
        11⤵
        
        PID:13412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 220
        10⤵
        
        PID:10972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
        9⤵
        
        PID:7952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 240
        8⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
        7⤵
        Program crash
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31594.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
        7⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30137.exe
        8⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21258.exe
        9⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65217.exe
        10⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51886.exe
        11⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40236.exe
        12⤵
        
        PID:12568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9964 -s 216
        12⤵
        
        PID:12392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 216
        11⤵
        
        PID:10924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
        10⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
        9⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 216
        8⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45082.exe
        7⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48585.exe
        8⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-448.exe
        9⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37579.exe
        10⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8391.exe
        11⤵
        
        PID:12836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9684 -s 220
        11⤵
        
        PID:13224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 216
        10⤵
        
        PID:11252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 236
        9⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
        8⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 240
        7⤵
        Program crash
        
        PID:2664
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 240
        6⤵
        Program crash
        
        PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12305.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6343.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        7⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23915.exe
        8⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61714.exe
        9⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1818.exe
        10⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15129.exe
        11⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12825.exe
        12⤵
        
        PID:11656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9812 -s 216
        12⤵
        
        PID:12980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 216
        11⤵
        
        PID:10736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 216
        10⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 236
        9⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62269.exe
        8⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20293.exe
        9⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47994.exe
        10⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20452.exe
        11⤵
        
        PID:12932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9740 -s 216
        11⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6240 -s 216
        10⤵
        
        PID:10688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
        9⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
        8⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8133.exe
        7⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52669.exe
        8⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40521.exe
        9⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        10⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64499.exe
        11⤵
        
        PID:12916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9880 -s 216
        11⤵
        
        PID:12584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 216
        10⤵
        
        PID:10800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 216
        9⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 236
        8⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
        7⤵
        Program crash
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52098.exe
        6⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27999.exe
        7⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5606.exe
        8⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10754.exe
        9⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43801.exe
        10⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30457.exe
        11⤵
        
        PID:12304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9468 -s 220
        11⤵
        
        PID:13524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 216
        10⤵
        
        PID:10444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
        9⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 236
        8⤵
        
        PID:5948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 236
        7⤵
        
        PID:4772
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
        6⤵
        Program crash
        
        PID:3288
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 240
        5⤵
        Program crash
        
        PID:1172
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:624
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2516
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36430.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36430.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40007.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40007.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39021.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56208.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64459.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49877.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61657.exe
        8⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56587.exe
        9⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53245.exe
        10⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21253.exe
        11⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31741.exe
        12⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46409.exe
        13⤵
        
        PID:13188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9232 -s 220
        13⤵
        
        PID:13420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 236
        12⤵
        
        PID:1292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 236
        11⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
        10⤵
        
        PID:6780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 236
        9⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5995.exe
        8⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16598.exe
        9⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16017.exe
        10⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45856.exe
        11⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19959.exe
        12⤵
        
        PID:13044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9796 -s 220
        12⤵
        
        PID:13324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 216
        11⤵
        
        PID:10744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
        10⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 236
        9⤵
        
        PID:5592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 240
        8⤵
        Program crash
        
        PID:3332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 236
        7⤵
        Program crash
        
        PID:2072
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 236
        6⤵
        Program crash
        
        PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44594.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28663.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33370.exe
        7⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        8⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21258.exe
        9⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46743.exe
        10⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26012.exe
        11⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-215.exe
        12⤵
        
        PID:12048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14914.exe
        13⤵
        
        PID:8412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12048 -s 216
        13⤵
        
        PID:9724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9996 -s 216
        12⤵
        
        PID:13148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 216
        11⤵
        
        PID:10948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 216
        10⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 236
        9⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 236
        8⤵
        Program crash
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24277.exe
        7⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36634.exe
        8⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32846.exe
        9⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19022.exe
        10⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52488.exe
        11⤵
        
        PID:12600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9424 -s 216
        11⤵
        
        PID:12380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 216
        10⤵
        
        PID:10536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
        9⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 216
        8⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 240
        7⤵
        Program crash
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13504.exe
        6⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22955.exe
        7⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26136.exe
        8⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51538.exe
        9⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17164.exe
        10⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37527.exe
        11⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65319.exe
        12⤵
        
        PID:14180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10920 -s 216
        12⤵
        
        PID:8832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8712 -s 216
        11⤵
        
        PID:11540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
        10⤵
        
        PID:9560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
        9⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
        8⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53333.exe
        7⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51538.exe
        8⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41860.exe
        9⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11424.exe
        10⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47037.exe
        11⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11244 -s 216
        11⤵
        
        PID:8260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8568 -s 216
        10⤵
        
        PID:11816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
        9⤵
        
        PID:9504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        8⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 240
        7⤵
        
        PID:4384
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 220
        6⤵
        Program crash
        
        PID:2272
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
        5⤵
        Program crash
        
        PID:900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36342.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60375.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63473.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60012.exe
        7⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32061.exe
        7⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61247.exe
        8⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53053.exe
        9⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60422.exe
        10⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63510.exe
        11⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64081.exe
        12⤵
        
        PID:12164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        13⤵
        
        PID:10148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10048 -s 236
        12⤵
        
        PID:12692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 216
        11⤵
        
        PID:11876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
        10⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 236
        9⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 236
        8⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
        7⤵
        Program crash
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13504.exe
        6⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1164.exe
        7⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34666.exe
        7⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
        8⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12996.exe
        9⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63785.exe
        10⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25849.exe
        11⤵
        
        PID:14144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11160 -s 216
        11⤵
        
        PID:7740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
        10⤵
        
        PID:12204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
        9⤵
        
        PID:1584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
        8⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 240
        7⤵
        
        PID:5064
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 220
        6⤵
        Program crash
        
        PID:1400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47692.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17034.exe
        6⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27807.exe
        7⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
        8⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57625.exe
        9⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26012.exe
        10⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25654.exe
        11⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1147.exe
        12⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10004 -s 236
        11⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 216
        10⤵
        
        PID:10956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
        9⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 216
        8⤵
        
        PID:5804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 236
        7⤵
        Program crash
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12025.exe
        6⤵
        
        PID:476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21258.exe
        7⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8040.exe
        8⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5015.exe
        9⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19816.exe
        10⤵
        
        PID:12508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 216
        10⤵
        
        PID:13308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 216
        9⤵
        
        PID:10668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
        8⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 476 -s 216
        7⤵
        
        PID:5788
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
        6⤵
        Program crash
        
        PID:4048
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 240
        5⤵
        Program crash
        
        PID:1848
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53966.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53966.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52124.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25565.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28663.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21118.exe
        7⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41429.exe
        8⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49270.exe
        9⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57433.exe
        10⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38949.exe
        11⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35671.exe
        12⤵
        
        PID:12556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9420 -s 220
        12⤵
        
        PID:13668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
        11⤵
        
        PID:10584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
        10⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 216
        9⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 236
        8⤵
        Program crash
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25647.exe
        7⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35072.exe
        8⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48881.exe
        9⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35550.exe
        10⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15155.exe
        11⤵
        
        PID:12412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9928 -s 216
        11⤵
        
        PID:13172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 216
        10⤵
        
        PID:10808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 216
        9⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 216
        8⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
        7⤵
        Program crash
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40146.exe
        6⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49597.exe
        7⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4345.exe
        8⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48881.exe
        9⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35742.exe
        10⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41941.exe
        11⤵
        
        PID:12964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9672 -s 216
        11⤵
        
        PID:700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 216
        10⤵
        
        PID:10676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 236
        9⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
        8⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 236
        7⤵
        Program crash
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47692.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8097.exe
        6⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        7⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59000.exe
        8⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34024.exe
        9⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe
        10⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34621.exe
        11⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17489.exe
        12⤵
        
        PID:13980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10836 -s 216
        12⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8584 -s 216
        11⤵
        
        PID:12188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 220
        10⤵
        
        PID:9720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
        9⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 216
        8⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20660.exe
        7⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54252.exe
        8⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25140.exe
        9⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44097.exe
        10⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8142.exe
        11⤵
        
        PID:13880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11304 -s 216
        11⤵
        
        PID:9100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8872 -s 216
        10⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 220
        9⤵
        
        PID:9852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
        8⤵
        
        PID:6428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 220
        7⤵
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21563.exe
        6⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
        7⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52773.exe
        8⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26012.exe
        9⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19767.exe
        10⤵
        
        PID:13248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10012 -s 216
        10⤵
        
        PID:13472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 216
        9⤵
        
        PID:10964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
        8⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 216
        7⤵
        
        PID:5772
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 240
        6⤵
        Program crash
        
        PID:3104
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
        5⤵
        Program crash
        
        PID:2064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40509.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32747.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60012.exe
        6⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21009.exe
        7⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54340.exe
        8⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39862.exe
        9⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25140.exe
        10⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45742.exe
        11⤵
        
        PID:11804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47888.exe
        12⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11804 -s 216
        12⤵
        
        PID:1368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8896 -s 216
        11⤵
        
        PID:12360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 220
        10⤵
        
        PID:9860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
        9⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 236
        8⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46727.exe
        7⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11273.exe
        8⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49836.exe
        9⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56001.exe
        10⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
        11⤵
        
        PID:13920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10720 -s 216
        11⤵
        
        PID:13872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8800 -s 216
        10⤵
        
        PID:11464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
        9⤵
        
        PID:9748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
        8⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 240
        7⤵
        
        PID:4548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5227.exe
        6⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28274.exe
        7⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21772.exe
        8⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60417.exe
        9⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21731.exe
        10⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17332.exe
        11⤵
        
        PID:14256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11052 -s 216
        11⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8332 -s 216
        10⤵
        
        PID:11716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 216
        9⤵
        
        PID:10052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
        8⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 236
        7⤵
        
        PID:5380
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
        6⤵
        Program crash
        
        PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44231.exe
        5⤵
        
        PID:704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35975.exe
        6⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6846.exe
        7⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26707.exe
        8⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
        9⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37714.exe
        10⤵
        
        PID:12372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10112 -s 216
        10⤵
        
        PID:13124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 220
        9⤵
        
        PID:11104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
        8⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
        7⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36420.exe
        6⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32078.exe
        7⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23770.exe
        8⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5586.exe
        9⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34292.exe
        10⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11528 -s 220
        10⤵
        
        PID:13812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8936 -s 216
        9⤵
        
        PID:12184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 216
        8⤵
        
        PID:10064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
        7⤵
        
        PID:7012
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 220
        6⤵
        
        PID:5284
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
        5⤵
        Program crash
        
        PID:1696
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
      4⤵
      Program crash
      PID:3036
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1640
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
  2⤵
  - Program crash
  PID:2472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe

Filesize
184KB

MD5
d63a9fd67943a7f7d1aee1fbf288587c

SHA1
59dde860e6cf522c3e9cd241c66347452b52eb7e

SHA256
6f40226a48662f9df106845237c6f3aaa012bc570d961ac84c8d4f0e8d7bef73

SHA512
7ac5c6cc2e3e49f9e6db8cb1dcaeef6a34e50553d832c1903429be7d0881b29b87b13cebff1404baf055d1f27f5cd98551c566539114088a1139299609df55ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2674.exe

Filesize
184KB

MD5
cbc130279886ad0d94ec25c910591c6b

SHA1
843d2eb9b70b50fe337120a4050969b8b045f36c

SHA256
8473ed13e7da6ef3610e2808b207d38898265b5cdb5ccd979f0c1fca6c8a176d

SHA512
6bd5619a636730b24f5a231a37b145a203c7736cd62c81ea6e7cf6b2f8b54d7490cf8a7bd63f294ce813dc0450886aa5f0d1d7475739fbde55174620bb2a9bb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe

Filesize
184KB

MD5
23ff070d36fc395b9827b3b864baaf1d

SHA1
fe16a2b196b6557e8bdabcb83930a7fda2bb59ee

SHA256
2df86d3eb52ab861453d1430dafb018c2f283dddb8741b60b90931cfa69bd409

SHA512
b849224515a88e549d6f150e7cd4245d4c801342e7a2a0e410f85f8ce97b63e6554cc7f8451d450d4b4f0a27f8cedee32b79fd87604e79baca131be7270132e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35671.exe

Filesize
184KB

MD5
8f656d70e3028e94996a912262698fb7

SHA1
04ee2ac08b5147d7128ca223dfdc79edec652ce9

SHA256
cf9fb00bd6db6e7250ff9a6a4f54fc36da053b553e58291ccdc8451ddd0c4a7b

SHA512
845fb4b438fbb81df9c5d9d7972a431d827045660be0039ed3f189b2b2e073fefaeb1287ef4049e83febd4877849268534a1656343f67ca5ced684862c320ce7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40509.exe

Filesize
184KB

MD5
ae7a9b43a6bce52b22b8deb2f63be582

SHA1
5468510fa9f15ff6cba32a9258c9145038710a42

SHA256
735e8a9cd49626fd0c7fba8660e4df50e76a578399b1073dde1ed6f64411c504

SHA512
dcdb5794e5eedfcf8631e557b90d41edaa5fa3cc167c3e1548a79227253862a3065e756ed1fe666a3e47ee4e091a5fc8d92b7c5155f3e142d3f95c52825d68d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4210.exe

Filesize
184KB

MD5
5d53b42ea8485ca51337d2b18d88ed24

SHA1
b143fb248665ddc7af26418d37cbd435186f7bf1

SHA256
0e385fca4390fb31fe9eadb07bc6c454f311ca275cc104676c721736d13bff0c

SHA512
5b78b0cc968d4f77fb78d35afae2e6a3d4aa70760c0f28bb52e98e9a4dbca65de5e654bfdd3dd882a747ad68797b8e685a8440ef8350498a85d20da35c2a081e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53150.exe

Filesize
184KB

MD5
dd426385b2f79dce1bd9b32619581dc9

SHA1
49b5126d054951315af0abf984c0278e7b86d1dd

SHA256
24cff87e9671ad9269d0b2c4c2233fb8f340e39ae8c1c250a5b9c46c4009d596

SHA512
8e612089ba2296e58e9a4382217f39c644d7e655ce54eb8fa40e05f706f14808d7283747ea954089a6b8f6504791160a2b9e5ee4dc5b4890a9383801018d9978

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53966.exe

Filesize
184KB

MD5
6576af9a6173c3b69112751cb74f9b1b

SHA1
051420d397ea5200269c7df8cb7e18b03816bd25

SHA256
8a5c72007d1e7c26ec4a2c5d056ae49950bcb45b019123d60810417bcd6f2f69

SHA512
93ba6da9926fe1e3b1cbe02c7f60bcfaf0774155a84858c0d54f7292a368fe879cacda02d2aecb285fa934708b253127c7a9fad69508e1fdf831923d911b5052

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5435.exe

Filesize
184KB

MD5
01bc7959997d2f2a0ca36b3a3b72252b

SHA1
87df3945cb1ef95445a1505ac53660eb272b4379

SHA256
093dc545785bb8aa1aa9b03ef34aa437e82e3952c172518919351ab7684bfb38

SHA512
ea8a5295f4ec6bc66d83c10b865eefb26ee8731824ac8b2dfa44771a6b5acc210a66954c5898924184906434bd7e0dac1fa2c794e5af892a021ab0c8e0c53b43

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5606.exe

Filesize
184KB

MD5
08d7b2844537d09a613c3a300b038502

SHA1
311dd0db0ef45df9bcaf0b72fa95f6249684e043

SHA256
f0510f01915814ee2ecf498762a66690fee73da9ab2d4b34db3b9939df37f25c

SHA512
1a63fdc4d58c07eac7eb217d03f7d5d47dfa2016dfa5d99b6917f76cde2469dbfa746edcb0aba98ec191780794ec27c815dd68b12cf31e60a26d0d7ec0e7edf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58902.exe

Filesize
184KB

MD5
048837a0dfc231944f289a4d227310fb

SHA1
b82f6342c17eb61bf92c0291ff3e09e041ad35af

SHA256
fcd8f7221092effcaee52c419c8e13e4096b2ab82471e51c32424a06cd9fed58

SHA512
654b02e5d8c3758e5e369b80bd72b64f9b8d7f8c25e4f9d71acb0287aa8d1e6258492b04643f9bb0dccad7f0fdb7a6f0c393d4216a8e0fdc61c65647158e8214

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6296.exe

Filesize
184KB

MD5
02d9c9c85ce3bd1a7ff59c5e30842ed6

SHA1
c0dae090c2b4f15a8ad298dc5c854df86aa28ee0

SHA256
60a2eab3263c273941a39c764f49f888bed39ee90c7edab22de6f27824bce5ee

SHA512
0323d599b63bca2f351bd4c4305acccec3b2d6f2e81eca721849e36ebc2d8d4f35bfb2eaadc8df4f6433128316d5c22946396b346c48c6f6214b7f0ce8494ac8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6343.exe

Filesize
184KB

MD5
7a90125f69a52ed190e62b5239668a2d

SHA1
4845caed7c30cd03d73e0c38dfda1a25438323c9

SHA256
05f97e9816ae4c0d28a8747f786eeb91ce54bfc248cd5d5337b8df2fd02e5fdf

SHA512
9a31435ef0f2bcfafe055ee99c0b76f4f2f00598ad880a08b40678068c1db61cc6a2cf21d9392202b43ed302380bf003a6b60cc9cea84ddba0c80cb3441684b4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21486.exe

Filesize
184KB

MD5
0acee5ac06f7c15967e7e038eec3e2ff

SHA1
e1605bf37d5e3cc049b103f1dcaba26929a1eec6

SHA256
2a0b5f58242404ce130dcacac66a438f22217b2162b475bb7eb45a64048c06e7

SHA512
50d08e472d9ffbc7d3fe07a02e7ea63fd2c05cd18511ca4747ed1faeefc548975220f0ef964ff3f10a964a1b2e934c6e8f457bc8737ed8d4775bd2f03194d39d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22768.exe

Filesize
184KB

MD5
4e89566b2f825d4952a7040659eb2c16

SHA1
56155ab6eb61d3e836113b5c58150c80ebcc21ac

SHA256
0af845b32a122c5c847453dbf34c3a55c4bf739cead841baff147aa106512569

SHA512
b849346737ba88f14a14d331118d4981c81763ae0fb917cbf0239d9b2527435a5f260e87635d206414a560b936780fa8d94f12cfef9e45506af46210db0c34fc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29571.exe

Filesize
184KB

MD5
88729da7d37d81384a6aee7c5c14c2ba

SHA1
3f29aba93e89e09e0f17629058a2cccc0f33e48e

SHA256
7159f6498233b2fe26aa237040c9119de90ead17497fb8f61be6b6b4ab90350f

SHA512
c6b608a9510e3b43cbcdb21475628c8e94afa173d1bb0cf216d3817b25a6f5feda014466f574ba56ed7ac289b11141db82c803b0343ee295a1e5ee708eb29afe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36430.exe

Filesize
184KB

MD5
e41327858e60b11cfd2569f9fad82324

SHA1
9a745a0108b26856f18a8beb3b80979198c44109

SHA256
2b5fe033be69fed0059f91a7e3e969851b0890b29b7ce0a613fd04070b52cde8

SHA512
645eca9733e27fe340780e73808463a6953071e6d9d066797c2f493ced2f2b604078acb892e5b4d4d6ade14796ccb900423e2c2eb475b0cd0d2865dcdf0ddf38

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37712.exe

Filesize
184KB

MD5
eb4d854ed7c009e71903ddd71da4e1e7

SHA1
cc8ae581d59908b775d86ebd75f31965c52896ea

SHA256
9c9591e08ecc057323480416643053d2123d22866dcdbb7924a669d7a54a4e0c

SHA512
c5e6774947e5521aaad5c9c33411ac4fa17689c28dc87906001ebbffdb18188e48ac6e321c05c929bc2fa12881125fc4aa19fc74f161f38925583068dbaa77f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39021.exe

Filesize
184KB

MD5
502ee4b3d60492fd02d47c077a740329

SHA1
7538aab213e00472291a2741a4c1841eb7ad7b81

SHA256
f84321b479b098e04fe2ba6144de3637e9f1ed76a23f021ccacfe0b3fec73fdd

SHA512
c44d386845b73e9ccf31100496b2b5577173c74a0aaeace748a7d101f5deb6297bbd176150400742d14db4837128b483e0695c9343d486c9eab027c5e01e0b4c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40007.exe

Filesize
184KB

MD5
40ba0365cdc0e17d92e14b07ff4757c4

SHA1
9d54e5341a20b96f6da179ae61933a5b10639c5b

SHA256
2c6d3140aa77eef3f441a44c7d69c70d8ca559644fa3575ebc319768da6dedda

SHA512
c976a2bf7a0650ca6b86c5a30910a91f24928a787236187f25fe5c64ea2a0ffaa0911b12b62757df3a47c3d2b80ea2fc29267d7cdafb0b73077dac7869666c87

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43188.exe

Filesize
184KB

MD5
2d20824bf1a047ab1fc247fcad5e6997

SHA1
de159151fb8a7b198b83471b9935d9d64f976b8a

SHA256
1882954442c303aeae2a3de11466308e2321c393ba30ad59461c81188f9e6b3d

SHA512
d93bbd89f4975d5f09eeaf878af348cc8909b2bc9e259c99e20cae9ba460261e63538ab9d07320ab4d415c0f2352771d6ef3e6c0226d65ebc7c9c60bdd358b9b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49882.exe

Filesize
184KB

MD5
5e54fd1b516715ef491f3a961ce3cf81

SHA1
20ea2c98ba48134e3d873aa88d196a09b425b1c6

SHA256
58a01521b2c5a86398ff5e05a754d6fd375c76ff5b7bb9d18e295b99cdc57391

SHA512
a47c166a61dc21497d6ea3caaf1a34db318391238f14e59eeb6e7edf4b4821de86e01bc255ee988406dac8d584728b2a61addc43a01f3f54bb59258f6ef5c01f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54952.exe

Filesize
184KB

MD5
43e15d65fe3674636063f40fa54d07d4

SHA1
d157cc66604854650c3cd16907b94ec3d7d062b8

SHA256
0026cc33f0b5743f8d973d8ddb79388e76317aa3bddffd8d8cfd9a26bcecfcb0

SHA512
84f156338ead9b983e692ad63d00abde866ffa5d37a5856cd19ca701641bd51fa4792a5f8aa6df6f15f8e4378e88de11974874f48ea5fcde1021c36e110f38a2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61579.exe

Filesize
184KB

MD5
84051c4f63389c5ce2a1fd85dc3c4872

SHA1
25eadbb3971f4f6ff3b4baac5cb3af79912febe4

SHA256
57bef7237612b76422ac45be6678c66f0046f99c36372b9d4f4f22a774e5277d

SHA512
edbb8fea4cb12b0def65b56a345ec5a87aaebe5c1e3e205e317e951f0b98f043fc2bfdbfc6167b5fa6b2ff518935f997d4dd447d50b575497139886b1e5d8320

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.